Because USB drives, also known as thumb drives are small, readily available, inexpensive, and extremely portable, they are popular for storing and transferring data from one device to another. However, the same characteristics that make them convenient also introduce security risks and make them alluring to hackers.
Attackers may also use USB drives to steal information directly from your computer. If an attacker can physically access your computer, he or she can download sensitive information directly onto a USB drive.
What can a hacked USB stick do?
A malicious device can install malware such as Trojans, information stealers and much more. They can install browser hijackers that will take you to the hacker’s website of choice, which could host more malware, or inject adware or spyware onto your computer. While the outcomes of these threats can range from annoying to frightening, you can stay protected from these threats.
Even computers that have been turned off may be vulnerable because a computer’s memory remains active for several minutes without power. If an attacker plugs a USB drive into the computer during that time, he or she can quickly reboot the system from the USB drive and copy the computer’s memory, including encryption keys, passwords, and other sensitive data, onto the drive. Victims may not even realize that their computers were targeted.
How to stay protected?
- Don’t plug unknown flash drives into your computer– This is one of the most important things you should take care of. This is a trick used in social engineering, where the attacker relies on the curiosity of people. If you see a USB stick lying out in open or at public places, do NOT plug it into your computer to see what is there on it.
- Take advantage of security features – Use passwords and encryption on your USB drive to protect your data from hackers, and make sure that you have the information backed up in case you lose your drive.
- Keep personal and business USB drives separate – Do not use personal USB drives on systems owned by your organization, and do not use USB drives containing corporate information into your personal computer.
- Use secure USB drives– Some latest models have safety features such as fingerprint authentication that help protect the device from hackers. Always buy one with security features.
- Be careful where you purchase your USB drives from– As some third-party manufacturers are known to manufacture USB drives with malware on them. Always buy your flash drives from reputable, well-known manufacturers and sellers.
- Keep the software on your computer up to date– Software updates are crucial to the security of your computer, as they patch known vulnerabilities.
- Make sure to keep your Internet security software up to date– In case you accidentally use a device that contains malware, you can still be protected. You should get Internet security software as it can protect you from a host of issues other than just USB malware.
Aamir Lone is a Symantec Norton expert has been working in the technology industry from the last 3 year. As a technical expert, he has written technical blogs, manuals, white papers, and reviews for many websites such as norton.com/setup.