Here’s a cautionary tale for you to consider the next time you find a USB drive in a parking lot. Researchers from Google, the University of Illinois Urbana-Champaign, and the University of Michigan, spread 297 USB drives around the Urbana-Champaign campus. They found that 48 percent of the drives were picked up and plugged into a computer, some within minutes of being dropped. The study dropped USB sticks containing HTML files that had img tags embedded; opening the files fetched the image from a remote server, allowing the researchers to track the USB drives’ use and rough location. It’s obviously not a perfect means to detect usage, but close enough. And, yes, I’m talking about people – students and staff – who hang around a university campus.
What’s wrong with plugging in a USB drive that you find you ask? Well, instead of a bunch of HTML files, what if it was ransomware, spyware, or other malware that was on the drives? Whomever plugged the drives into their computer would pretty much be in trouble at that point. Thus this is the ultimate Trojan Horse or social engineering attack which requires little or no skill to execute.
Now I know that it’s curiosity or a drive to do the right thing is what makes people plug these drives into their computers. But seriously, take a step back and think about how potentially dangerous doing so is. So the next time you find a USB drive someplace, you may want to think twice about plugging it in to see the contents.
Like this:
Like Loading...
Related
This entry was posted on April 12, 2016 at 9:22 am and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
#Fail: Half Of People Plug In USB Drives They Find
Here’s a cautionary tale for you to consider the next time you find a USB drive in a parking lot. Researchers from Google, the University of Illinois Urbana-Champaign, and the University of Michigan, spread 297 USB drives around the Urbana-Champaign campus. They found that 48 percent of the drives were picked up and plugged into a computer, some within minutes of being dropped. The study dropped USB sticks containing HTML files that had
imgtags embedded; opening the files fetched the image from a remote server, allowing the researchers to track the USB drives’ use and rough location. It’s obviously not a perfect means to detect usage, but close enough. And, yes, I’m talking about people – students and staff – who hang around a university campus.What’s wrong with plugging in a USB drive that you find you ask? Well, instead of a bunch of HTML files, what if it was ransomware, spyware, or other malware that was on the drives? Whomever plugged the drives into their computer would pretty much be in trouble at that point. Thus this is the ultimate Trojan Horse or social engineering attack which requires little or no skill to execute.
Now I know that it’s curiosity or a drive to do the right thing is what makes people plug these drives into their computers. But seriously, take a step back and think about how potentially dangerous doing so is. So the next time you find a USB drive someplace, you may want to think twice about plugging it in to see the contents.
Share this:
Like this:
Related
This entry was posted on April 12, 2016 at 9:22 am and is filed under Commentary with tags Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.