Be wary of unknown USB sticks

A group of researchers proves the long-held conviction that hackers can trick users into inserting potentially dangerous USB drives into their computers. Photo Credit: Motherboard online report, 4/6/16

A group of researchers proves the long-held conviction that hackers can trick users into inserting potentially dangerous USB drives into their computers. Photo Credit: Motherboard online report, 4/6/16

Be wary of the unknown USB device you plug into your computer. These small flash-memory drives used to easily share files from computer to computer have become one of the easiest ways for hackers to install malicious software and gain access to a computer.

According to Business Insider, hackers will drop the USB sticks in heavily trafficked locations such as a parking lot or in an airport, hoping for a curious person to pick it up. It could be an off-the-shelf model with malware installed or a specially-designed weaponized USB. 

There are three ways these malicious attackers use USB sticks to compromise your data and hardware. 

One of these USB stick tricks is basically the same as an email phishing attack. All people need to do is plug in the stick and click on a file the hacker planted there, and once opened, the file will prompt the user to "enable macros." After this, the document will be able to run malicious software that can do anything from activating the webcam to keeping a running log of keystrokes. This technique is very effective. According to Business Insider, “a recent University of Illinois study found that nearly 50% of people will pick up a random USB stick and run through all the steps required to have their computer compromised.”

USB RUBBER DUCKY DELUXE

USB RUBBER DUCKY DELUXE

Then there is what is called “the rubber ducky,” which doesn't require the user to do anything other than plug it in. Business Insider reports, “The $40 device looks like a USB drive, but it's actually a mini computer that tricks a machine into thinking that it's a keyboard. Just as a computer will recognize a new keyboard once it's plugged in and automatically install its software, this thing ‘quacks like a keyboard and types like a keyboard,’ thus fooling the computer into running whatever commands a hacker has given.”

The most damaging USB stick is dubbed the “Kill Stick.” While a version of this has been around for nearly a year, ZDNet announced that a new, more dangerous weaponized version has entered the arena that, when plugged in, can destroy laptops, kiosks, ATMs, cars and more. Developed by a Hong Kong-based company and available on the market for about $53, it will rapidly charge its capacitors from the USB power supply when it is plugged in and then discharge, frying the affected device's circuits. ZDNet notes, “it fries almost any device with a USB port, though modern Apple hardware is apparently not affected.”

One might ask, why do nearly 50% of people actually fall for the USB stick drop trick? Many people have done so quite innocently and report that they just wanted to try to find the owner to return it. Others are just curious of what might be on the device. Either way, using an unknown USB device that you find or even those free ones they give away at conferences is a risk to your device and the entire network you are connected to. The bottom line, you should not open any emails, files, or use USBs you don't trust.