Why you should never plug in an unknown USB device
Malware-infected USB devices are a real problem. Do not connect such an unknown device to any of your machines.
USB devices, whatever they are, are extremely easy to use. Just connect. If the device is unknown, you can plug it in to see what’s on it, but it’s best not to.
Obviously, the product could be completely innocent, it could be the key of a person who simply forgot it. But it can also be a trap designed to use your curiosity to infect your own device with malware.
Malware Infected USB Devices Are a Real Problem
While you might think this only exists in movies, attackers infect USB devices with malware and deliberately leave them here and there to fool their victims. Targets are varied, from the common man to much more strategic profiles. In 2010 in Iran, the Stunext malware was able to infiltrate the country’s nuclear center despite the entire system being offline from the Internet.
In any case, this is a different kind of attack, more random. If phishing emails and other text messages are sent directly, you must first remove and connect the USB accessory. And the chances of this, oddly enough, are quite high. The study distributed about 300 of these USB devices, assembled on many campuses, and found that 98% of them were assembled by students and teachers, and about half chose to connect them to their computers, with the first connection occurring in just six minutes. In other words, hackers get their money’s worth quite easily in this scenario.
And this is not a new problem. In 2008, US-CERT (Computer Emergency Response Teams) issued a warning about USB devices infected with malware. Before that, floppy disks were used in the same way. And while we now prioritize the cloud over physical storage, USB devices are still widespread enough to pose a serious threat.
It is difficult to quantify the popularity of this threat, but with cyberattacks rife, prevention is better than cure. Avoiding plugging in an unknown USB device is a good cybersecurity practice because you don’t end up using the same password twice.
That being said, if you can’t satisfy your curiosity, you still have options. In a Reddit discussion, the user explains that he brings any USB devices he finds to a computer store. It’s hard to recommend this practice as you’re putting that store’s computers and possibly even their own network at risk, but the idea of reading information on someone else’s device is a good idea.
Leave a Reply