When I saw the tip from IBM warning us that the “free” USB drive might not be as harmless as we think, I was kind of stumped. Let’s face it, whenever vendors give out “freebies” no one says no! Even really horrible pens are almost all given away by the end of the event.
Sophos’ article sheds some light on how attackers have put malware into unsuspecting USB sticks and left them for people to use.
So what’s malware? And is it REALLY that bad? Malware is short for malicious software. These softwares have the tools to harm not only your computer but also can travel through the network to infect other computers. Few examples are bots, rootkits, Trojan horses, and viruses. For more information on the different types of malware, Veracode’s article does a great job.
As for the damage from these USB drives, it could be just an annoying spam all the way to something truly devastating. Prevention is better than cure, so take this tip to heart and do not plug in random drives into your computer.
Below are some of the tips Norton shares regarding steps that can be taken to ensure safety from these devices. To read about the software updates, check out my blog on Software Patching
My research showed me that avoiding untrusted devices isn’t just a one way street. So it’s not just a connecting device like a USB that can be harmful but also a main device like a computer that can do harm. An example of the latter is when phones are charged at public kiosks without any protection. This is known as Juice Jacking. This happens because the same USB cord that you can use to charge your device can also be used to transfer data in and out of your device. Effectively an attacker could take a peak into your private photos, information or can more aggressively push for a malware to enter your phone.
If you have to charge your device outside your home, then the leading practice is to use the charging cable that goes directly into an electrical outlet. For certain devices, simply powering them off before charging them in a public kiosk can also work. That being said, the BEST option would be to charge your phone at home. Or carry a personal charger/an extra battery. Once again, prevention is better than cure.
