Your USB Thumb Drives Can Be Used to Compromise Your Computer!
These days, it’s very common for people to share or exchange USB devices. People hand them out at conferences, give them away, and forget them in computers. They are inexpensive and convenient. But be careful; a new exploit has been identified that makes these non-threatening thumb drives capable of malicious actions!
Recently, a major flaw was discovered in the firmware of USB devices that affects all USB devices. Storage devices, keyboards, mice, cell phones, and any other device that has a USB connection can be affected by this flaw. The threat runs deeper than just the information stored on USB drives; it is a flaw in how USB devices work. An attacker can manipulate or re-code a USB device and 99% of the time, it is undetectable as the USB device functions at a layer below that of antivirus software and is automatically trusted by the computer that it is plugged into. An infected USB device can completely take over a computer, invisibly alter files, redirect internet traffic, or capture usernames and passwords. Unfortunately, currently there is no fix for this, and this vulnerability will likely remain for years to come since it is a flaw in the way USB devices are made.
The researchers that discovered this vulnerability recently released the code on the internet hoping to get expedited collaboration to fix this problem, but this also gave access of the code to “bad guys.”
As of right now, we are advising our clients to be EXTREMELY careful with USB devices.
- NEVER buy a USB device that has been opened and returned. This includes anything that plugs into your computer with a USB cable.
- NEVER plug in a USB device that you find lying around. If you didn’t remove it from the original package, DO NOT plug it into a computer.
- If someone hands you a USB device, ask them where they got it. Did they get it new? Was it a gift? IF they are unsure, do not use the device.
What can you do to still use USB devices without worrying about this attack?
- Buy some new USB devices and only use them. If you need information from someone else, give THEM a USB device that you know is not compromised. Ask them to put the data you need on it.
- If someone needs to send you data, ask them to share the data with you through Dropbox or another sharing service, or ask them to burn the data to a CD.
We will continue to monitor this vulnerability and provide updates. As of now, we ask that you please be very careful with USB devices, and do not use USB devices from untrusted sources.
Thanks to Karl Epps for writing this article. As a computer forensic expert, he provides computer support services including computer claim consulting on computer issues and forensic technology services for more than 150 businesses. He is also an expert witness holding EnCE, CHFI, and CCFE certifications.
Copyright all rights reserved. Financial Forensic Services, LLC 2020 Brief quotation with attribution permitted.
THE PROTOCOL FOR LIFE
One Sunday a plainly dressed, scholarly-looking man went to church in the Netherlands and took a seat near the pulpit. A few minutes later, a lady approached the pew. Seeing a stranger sitting in it, she curtly advised him that this was “her seat.” He graciously apologized, and moved to one of the pews in the back of the church reserved for the poor. There, he joined in the service and left afterword without further incident. When the service was over, one of the woman’s friends asked her if she knew who it was she had ordered out of her pew. “No,” the woman replied casually, “only some stranger, I suppose.” She was shocked to learn from her friend that the stranger was King Oscar of Sweden, who was in the country visiting their queen. There’s a lesson here for you. Whether you go to a big church or a small one, Jesus the head of the church, said, “Where two or three are gathered together in My Name, I am there in the midst of them.” That means, Jesus, the King of Kings, will be present. You must recognize His presence, worship Him, and make Him your central focus. Otherwise, you might as well join a social club or just stay home. The psalmist gives us the protocol: “Enter into His gates with thanksgiving, and into His courts with praise. Be thankful to Him, and bless His name. For the Lord is good; His mercy is everlasting, and His truth endured to all generations”
Diagnostic & Prescriptive Judgment Enforcement
By: Joe H. Dickerson, CFE
$24.95 + FREE S&H
Please place your book orders by calling
during normal business hours Mon-Fri 9am-5pm MT.
or email firstname.lastname@example.org make an appointment
for a FREE initial review of your judgment. Thank you!