USB drives, also known as thumb drives, flash drives and USB sticks, have become a popular form for storing and transporting files from one computer to another. Their appeal lies in the fact that they are small, readily available, inexpensive, and extremely portable.
With easy storage and portability comes a responsibility to ensure sensitive business data that can be placed on portable devices is safe and secure. However, these same characteristics make them attractive to attackers and also makes them more dangerous than previously thought. It’s not just USB drives that are at risk, any device that plugs into a USB port including electronic picture frames, iPods, and cameras can be used to spread malware.
Embedded within USB devices, from thumb drives thorough keyboards to smartphones, is a controller chip which allows the device and a computer it's connected to, to send information back and forth. It's this which means their malware doesn't sit in flash memory, but rather is hidden away in firmware, undeletable by all but the most technically knowledge. This fundamental design flaw leaves USB devices easily open for an attack.
There are numerous ways for attackers to use USB drives to infect computers. One method is to install malicious code, or malware, on the device that can detect when it is plugged into a computer. When the USB drive is plugged into a computer, the malware infects that computer. Another method is to download sensitive information directly onto a USB drive. The only thing needed to accomplish this is physical access to a computer on the network. Even computers that have been turned off may be vulnerable, because a computer’s memory is still active for several minutes without power. If an attacker can plug a USB drive into the computer during that time, he or she can quickly reboot the system from the USB drive and copy the computer’s memory, including passwords, encryption keys, and other sensitive data, onto the drive.
Possible threats to data
Steps to protect your USB’s data