It might store as little as 256 MB or as much as 256 GB, but as useful as your USB stick is, it can prove to be a major security risk.
We’ve recently looked at how a USB stick can be used to enhance your personal security and privacy. This time, we’re focusing on the various security risks that can occur following misuse of a USB flash device.
Major security incidents, viruses, and USB-specific malware are among the risks you face. While these can be mitigated by adopting good practices, it’s important to appreciate just what is at stake if you don’t take steps to secure your USB flash drive.
1. Losing a USB Stick
Perhaps the most well-known security risks concerning USB flash devices are those that occur when a device is lost.
If you have password protected — or better still, encrypted — your USB flash device, then you should not be overly concerned when you lose it. Assuming you’ve still got the data backed up elsewhere, you’ll be fine. It’s astronomically unlikely that anyone will be able to break the encryption (certainly not using modern, commercially available hardware) so your data will remain safe whether the device is lost or stolen.
You might use encryption software or buy a device with an encrypted partition.
But losing a USB flash device without password protection is another matter entirely. We’re talking major security issues here, depending on the importance of the data stored. Of course, if it’s just your resume, you might not be overly concerned; on the other hand, a resume can be a very personal document, especially if it’s in draft.
Say you’re carrying sensitive data for your employer on a USB stick. Losing the device could result in a security incident being declared, an internal investigation and perhaps a reprimand — or even the loss of your job.
The simple way to avoid losing a USB stick is to make sure it is stored securely on your person, perhaps in an inside pocket or somewhere it cannot be seen. It should also be placed where it will not be damaged, as excessive shock or pressure can break the device or corrupt the data. Our guide to hiding tech might give you some pointers.
2. Finding a USB Flash Drive
Just as concerning, but in a completely different way, is the security risk of finding a USB flash drive. “But, free stuff!” you’re probably thinking, and yes, potentially it is. Unfortunately, a USB flash drive can be used to fool you into loading malware onto your computer.
A study has shown that almost 50 percent of people who find a USB flash device insert it into their computer without taking any precautions. Only security experts should be checking the contents of a found USB flash drive. Secure PCs with sandboxing and specialized security software should be used, not your laptop.
While some anti-virus software can prevent autorun malware on a USB flash device from infecting your PC, this might not work if your system is not up-to-date. So, if you find a USB flash drive, leave it alone, or put it in the bin. Perhaps put a call out on social media for the owner.
But don’t plug it in.
3. Giving a USB Stick to a Friend
Perhaps you just received a new USB flash device and have decided that your older stick is no good for your purposes. If so, you might be thinking about selling or giving it away. While you might make enough small change for a light lunch, the most important thing on your mind should not be profit.
Instead, you should be thinking about data security. Have you deleted the contents of the disk? If so, was the data securely removed? Whether you’re giving the device to a friend or a stranger, you should certainly take the time to fully delete the contents.
Several methods are available for securely wiping flash-based media, but note that each read/write cycle will age the disk. As such, it’s best to simply wipe-and-bin older drives, as they might not last that long in the hands of their new owner.
4. USB-Specific Malware
While we’ve considered the risks of inserting a found USB flash drive into your PC, you need to know about the malware that can be run. Some standard Trojans and worms can be found auto-running, and these will attain a good level of success without security software on your PC.
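As an added example (not part of the original article), this Python script lists the programs that an autorun.inf file in the root of a mounted drive would try to start; autorun.inf is the file Windows AutoRun reads from removable media. The key names are the standard autorun.inf ones, while the function names and the sample file contents are constructed for illustration.

```python
import os
import re
import sys

# [autorun] keys whose value is a command Windows may start from the drive.
LAUNCH_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)

def launch_entries(text):
    """Return (key, command) pairs from the [autorun] section that start a program."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue                      # other section, or junk padding
        key, _, value = line.partition("=")
        key, value = key.strip().lower(), value.strip()
        if LAUNCH_KEYS.match(key) and value:
            entries.append((key, value))
    return entries

def scan_volume(root):
    """Find autorun.inf (any letter case) in the volume root; return its launch entries."""
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if name.lower() == "autorun.inf" and os.path.isfile(path):
            with open(path, "rb") as fh:
                data = fh.read()
            # The file may be saved as UTF-16; otherwise latin-1 decodes any byte.
            enc = "utf-16" if data[:2] in (b"\xff\xfe", b"\xfe\xff") else "latin-1"
            return launch_entries(data.decode(enc, errors="replace"))
    return []

# Constructed sample contents, not taken from a real device.
SAMPLE = r"""; sample
[AutoRun]
icon=folder.ico
action=Open folder to view files
OPEN=tools\setup.exe /s
shell\explore\command=tools\setup.exe
padding line with no key
[Other]
open=ignored.exe
"""

if __name__ == "__main__":
    found = scan_volume(sys.argv[1]) if len(sys.argv) > 1 else launch_entries(SAMPLE)
    for key, command in found:
        print(f"{key}: {command}")
```

An empty result only means no autorun.inf launch entry was found; it says nothing about other files on the drive or about firmware-level threats.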
BadUSB was, fortunately, created by security researchers who kept the source code to themselves, but it is nevertheless a good demonstration to hackers. Stored in the firmware of USB devices (which include keyboards and phones as well as flash drives), it is virtually undetectable, and can result in a targeted PC being hijacked.
This isn’t an attack that is likely to be used on Joe Public. But the BadUSB proof of concept shows that an infected USB device could be used to target an individual. Perhaps someone working for a bank, or a military contractor.
5. Know Your USB Stick
Safe storage of your USB flash device is vital, but so is recognition. Security and privacy can be breached in an embarrassing manner if you pass a USB stick to a colleague and it turns out to have some salacious images of your partner stored on it.
And in your bag, the USB disk with the sales report on it still sits.
Often USB sticks are very difficult to tell apart. Unless they have been given a particularly ostentatious design (Lego, wood, etc), then it is easy to get them muddled up. Applying sticky labels is one option, but you might also consider having specific storage areas for them. Keep your personal drives separate from the ones you use for work, and always check the contents of a drive before handing it to someone else.
Just to be sure!
Do you know of any other ways a USB flash device can be a security risk? Have you encountered security issues with USB flash drives? Tell us in the comments!