In the age of email-based cyber attacks, it’s easy to forget that hackers can also make their way into systems large and small with hardware, especially USB devices.
According to a report by Honeywell Forge, 79% of cyber attacks via USB are able to disrupt operational technology, such as the day-to-day functions of an industrial facility. Fifty-one percent of them can give an attacker remote access. But it is not only large industry that must protect against these threats; individuals should be wary of them, too. Here we explain what a USB attack is and how you can avoid becoming a victim of one.
What is a USB attack?
A USB attack does pretty much what it says on the tin: It uses a USB-connected device, such as a thumb drive or hard drive, to deliver malware to a computer or other USB-connected device, such as a smartphone. Bad USB devices can also be used to damage or destroy a computer by delivering an electrical charge.
One of the most troubling aspects of USB attacks is their ability to give hackers remote control of a system. The Stuxnet attack discovered in 2010, for example, famously hit Iranian nuclear development sites. The same types of breaches can be used to infiltrate facilities connected to the electricity grid, oil production, and other IoT networks.
There are dozens of ways a cyber attacker can use a USB drive to install an exploit on your computer. The two most common are via thumb drive devices and public USB charging ports, a practice known as juice jacking.
USB device attacks fall into three main categories, depending on what they do once they are plugged into your device. Devices with reprogrammed internal microcontrollers look like regular thumb drives, but once connected, they perform another function, such as acting as a keyboard and typing certain keystrokes. An example is the Rubber Ducky attack.
USB devices with reprogrammed internal firmware are changed so that their firmware automatically performs a certain function as soon as the device is connected, such as installing malware or stealing data. One example is the iSeeYou attack, which reprogrammed a certain class of Apple webcams so that the attacker could record video without the person’s knowledge.
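Because a keystroke-injecting device has to enumerate as a keyboard, one defensive check is to compare the keyboards Windows currently sees against a list you already trust. The PowerShell below is an added example, not part of the original article; the function names, the baseline entry and the sample instance IDs are constructed for illustration.

```powershell
# Added example: flag keyboard devices whose USB vendor:product ID is not in a
# trusted baseline. All IDs below are constructed placeholders.

function Get-UsbId {
    param([string]$InstanceId)
    # USB-backed HID devices carry VID_xxxx&PID_xxxx in their instance ID.
    if ($InstanceId -match 'VID_([0-9A-Fa-f]{4})&PID_([0-9A-Fa-f]{4})') {
        '{0}:{1}' -f $Matches[1].ToUpper(), $Matches[2].ToUpper()
    }
}

function Find-UnknownKeyboard {
    param([string[]]$InstanceIds, [string[]]$Baseline)
    foreach ($id in $InstanceIds) {
        $usbId = Get-UsbId $id
        # Built-in (non-USB) keyboards have no VID/PID and are skipped.
        if ($usbId -and ($Baseline -notcontains $usbId)) {
            [pscustomobject]@{ UsbId = $usbId; InstanceId = $id }
        }
    }
}

# Constructed baseline: the one external keyboard you know you own.
$baseline = @('1234:ABCD')

# Constructed sample of what a machine might report.
$sample = @(
    'HID\VID_1234&PID_ABCD&MI_00\7&1A2B3C4D&0&0000',   # known keyboard
    'HID\VID_FFFF&PID_0001&MI_00\8&2B3C4D5E&0&0000',   # not in baseline
    'ACPI\PNP0303\4&ABCDEF0&0'                         # built-in keyboard
)

# Reports only the FFFF:0001 device.
Find-UnknownKeyboard -InstanceIds $sample -Baseline $baseline

# On a live system, feed it the keyboards that are currently present:
# Find-UnknownKeyboard -InstanceIds (Get-PnpDevice -Class Keyboard -PresentOnly).InstanceId -Baseline $baseline
```

A reprogrammed device can report any vendor and product ID it likes, so an unexpected entry is a reason to investigate, and a clean result is not proof that a device is safe.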
USB attacks can also exploit flaws in the way computers and USB devices interact. A common example of this attack is a Device Firmware Upgrade (DFU) attack, which uses a USB device to reprogram legitimate firmware into something more malicious.
There are even attacks like USB killer, where the connected USB device stores power from the computer’s USB power lines until it reaches a certain level, then forcefully discharges it and fries the connected computer.
How to avoid USB attacks
While these attacks seem frightening, there are ways to prevent them.
Do not connect unknown drives
A great deal of USB threats are due to social engineering, or psychological tricks and tactics to get people to plug in a bad device. This is present in almost every type of cyber attack and fraud, and it is important not to fall into its trap.
If you see a USB drive you don’t recognize lying somewhere, like a parking lot, do not connect it to your computer. Bad actors rely on human curiosity to help them infect your device. They will drop a drive in a public place, like a hospital, and wait until someone picks it up and plugs it in. This is called a drop attack.
Another popular tactic is to mail USB drives to people and have them look like promotions from big tech stores like Best Buy. Bottom line: Be wary of any USB drives you find or receive for free, whether they’re from a company you know or don’t know.
Balance life with work
If you use a USB drive for work, keep it separate from anything personal to avoid transmitting malware from your home computer to your professional network. You can also regularly scan USB devices with your antivirus and/or anti-malware software, and encryption software may prevent attackers from accessing your data in the event of a breach. If you think you have connected a compromised device to your computer, immediately disconnect from the internet and restart your computer.
Disabling autoplay features on your devices will help prevent malicious code from automatically executing when you plug in a drive. In Windows, open Control Panel and find the AutoPlay settings. Deselect Use AutoPlay for all media and devices to prevent unknown devices from running without alerting you or asking for permission.
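The same setting can be checked and applied from PowerShell, which is useful when you want to confirm it on more than one account or machine. This is an added example, not part of the original article; the function names are hypothetical, and it assumes the per-user registry values Windows uses for AutoPlay (`DisableAutoplay`) and the AutoRun policy (`NoDriveTypeAutoRun`).

```powershell
# Added example: audit and disable AutoPlay/AutoRun for the current user.
$handlers = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
$policy   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-AutoPlayState {
    [pscustomobject]@{
        # 1 means "Use AutoPlay for all media and devices" is unchecked.
        DisableAutoplay    = Get-RegValue $handlers 'DisableAutoplay'
        # 255 (0xFF) means AutoRun is blocked for every drive type.
        NoDriveTypeAutoRun = Get-RegValue $policy 'NoDriveTypeAutoRun'
    }
}

function Disable-AutoPlay {
    # Create the keys if this profile has never touched the settings.
    foreach ($key in $handlers, $policy) {
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    }
    New-ItemProperty -Path $handlers -Name 'DisableAutoplay' -Value 1 `
        -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $policy -Name 'NoDriveTypeAutoRun' -Value 0xFF `
        -PropertyType DWord -Force | Out-Null
}

Get-AutoPlayState      # state before the change
Disable-AutoPlay
Get-AutoPlayState      # expect DisableAutoplay = 1, NoDriveTypeAutoRun = 255
```

Turning AutoPlay off only affects how Windows handles storage media; it does nothing against a device that presents itself as a keyboard or one that attacks the port electrically.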
Off the net
If you urgently need to find out what is on an unfamiliar flash drive, you can try to use an “air gap” computer, which means that it is not connected to the Internet or to other networks.
Air-gapped computers don’t mean airtight security. The Iranian nuclear development facility hit in the Stuxnet attack used an air-gapped network, and it was compromised with a bad USB drive. Once the drive was plugged in, the malware was unleashed. So if you test a suspicious drive on an air-gapped computer, that’s the only thing you should be using that computer for, and the suspect USB drive shouldn’t be connected to any other computers in your network.
If you’re more tech-savvy, try downloading virtualization software, like the free VirtualBox from Oracle. It allows you to create a virtual environment that runs a simulated instance of a PC inside your PC. You can connect and open the drive in the virtual environment without affecting your files or your network. Windows Sandbox is also a built-in option for Windows users.
Don’t ignore updates
Keep your systems up to date, especially if you are using Windows. Many attackers take advantage of the fact that people often delay updating their systems, even when the updates include patches for serious bugs.
Keep your guard up
There is no foolproof method for cyber security, and this includes the steps taken to prevent USB attacks. However, the methods described here are much better than plugging in a strange USB drive you’ve found and hoping for the best.
Remember to never trust unfamiliar drives, check the drives you use regularly, and take advantage of security options like passwords, PIN keys, and data encryption. We hope that being aware of the tactics used by cyber attackers, along with hardware security, will help you stay away from any bad digital infections.