5 Ways Your USB Stick Can Be a Security Risk

Christian Cawley 28-12-2016

It might store as little as 256 MB or as much as 256 GB, but as useful as your USB stick is, it can prove to be a major security risk.


We’ve recently looked at how a USB stick can be used to enhance your personal security and privacy 5 Ways a USB Stick Can Improve Your Security USB drives are usually the butt of security jokes because they can be vulnerable, but they can also be very useful for security when used in the right ways. Read More . This time, we’re focusing on the various security risks that can occur following misuse or a USB flash device.

Major security incidents, viruses, and USB-specific malware are among the risks you face. While these can be mitigated by adopting good practices, it’s important to appreciate just what is at stake if you don’t take steps to secure your USB flash drive.

1. Losing a USB Stick

Perhaps the most well-known security risks concerning USB flash devices are those that occur when a device is lost.

If you have password protected — or better still, encrypted — your USB flash device, then you should not be overly concerned when you lose it. Assuming you’ve still got the data backed up elsewhere, you’ll be fine. It’s astronomically unlikely that anyone will be able to break the encryption (certainly not using modern, commercially available hardware) so your data will remain safe whether the device is lost or stolen.

You might use encryption software TrueCrypt Is Dead: 4 Disk Encryption Alternatives For Windows TrueCrypt is no more, but fortunately there are other useful encryption programs. While they may not be exact replacements, they should suit your needs. Read More or buy a device with an encrypted partition.


Kingston Digital 16GB Data Traveler Locker + G3, USB 3.0 with Personal Data Security and Automatic Cloud Backup (DTLPG3/16GB) Kingston Digital 16GB Data Traveler Locker + G3, USB 3.0 with Personal Data Security and Automatic Cloud Backup (DTLPG3/16GB) Buy Now On Amazon $25.45

But losing a USB flash device without password protection is another matter entirely. We’re talking major security issues here, depending on the importance of the data stored. Of course, if it’s just your resume, you might not be overly concerned; on the other hand, these can be very personal documents, especially if it’s in draft.

Say you’re carrying sensitive data for your employer on a USB stick. Losing the device could result in a security incident being declared, internal investigation and perhaps a reprimand — or even the loss of your job.

The simple way to avoid losing a USB stick is to make sure it is stored securely on your person. Perhaps an inside pocket or somewhere it cannot be seen. It should also be placed where it will not be damaged, as excessive shock or pressure can break or corrupt the data. Our guide to hiding tech 6 Places To Hide Your HDDs & Memory Cards When You're Out Of Town You're going on holiday, leaving your computer and a vast treasure of irreplaceable data behind for a few days. What should you do in case of burglary or worse? Read More might give you some pointers.


2. Finding a USB Flash Drive

Just as concerning, but in a completely different way, is the security risk of finding a USB flash drive. “But, free stuff!” you’re probably thinking, and yes, potentially it is. Unfortunately, a USB flash drive can be used to fool you into loading malware onto your computer.

USB Drive on Marble
Image Credit: Roman Tiraspolsky via Shutterstock

A study has shown that almost 50 percent of people who find a USB flash device insert it into their computer without taking any precautions Do NOT Make This Mistake If You Ever Find a Stray USB Drive Finding a random USB drive laying around might arouse your curiosity, but STOP before you do anything rash. This one mistake could cause you a lot of pain and regret. Read More . Only security experts should be checking the contents of a found USB flash drive. Secure PCs with sandboxing and specialized security software should be used, not your laptop.

While some anti-virus software can protect autorun malware from infecting your PC from a USB flash device, this might not work if your system is not up-to-date. So, if you find a USB flash drive, leave it alone, or put it in the bin. Perhaps put a call out on social media for the owner.


But don’t plug it in.

3. Giving a USB Stick to a Friend

Perhaps you just received a new USB flash device and have decided that your older stick is no good for your purposes. If so, you might be thinking about selling or giving it away. While you might make enough small change for a light lunch, the most important thing on your mind should not be profit.

Instead, you should be thinking about data security. Have you deleted the contents of the disk? If so, was the data securely removed? Whether you’re giving the device to a friend or a stranger, you should certainly take the time to fully delete the contents.

USB Drive Held in Hands
Image Credit: Di Studio via Shutterstock


Several methods are available for securely wiping flash-based media How to Permanently Delete Data From a Flash Drive If you want to obliterate your flash drive so that nothing is recoverable, you'll need to take action. Here are a few simple methods you can use that require no technical expertise. Read More , but note that each read/write cycle will age the disk. As such, it’s best to simply wipe-and-bin older drives, as they might not last that long in the hands of their new owner.

4. USB-Specific Malware

While we’ve considered the risks of inserting a found USB flash drive into your PC, you need to know about the malware that can be run. Some standard Trojans and worms can be found auto-running, and these will attain a good level of success without security software on your PC.

And then there’s BadUSB Your USB Devices Aren't Safe Anymore, Thanks To BadUSB Read More .

Fortunately created by security researchers who kept the source code to themselves, BadUSB is nevertheless a good demonstration to hackers. Stored on the firmware of USB devices (which includes keyboards and phones as well as flash drives), it is virtually undetectable, and can result in a targeted PC being hijacked.

This isn’t an attack that is likely to be used on Joe Public. But the BadUSB proof of concept shows that an infected USB device could be used to target an individual. Perhaps someone working for a bank, or a military contractor.

5. Know Your USB Stick

Safe storage of your USB flash device is vital, but so is recognition. Security and privacy can be breached in embarrassing manner if you pass a USB stick to a colleague that turns out to have some salacious images of your partner stored on it.

And in your bag, the USB disk with the sales report on it still sits.

Wooden USB Opened With Hands
Image Credit: RomanR via Shutterstock

Often USB sticks are very difficult to tell apart. Unless they have been given a particularly ostentatious design (Lego, wood, etc), then it is easy to get them muddled up. Applying sticky labels is one option, but you might also consider having specific storage areas for them. Keep your personal drives separate from the ones you use for work, and always check the contents of a drive before handing it to someone else.

Just to be sure!

Do you know of any other ways a USB flash device can be a security risk? Have you encountered security issues with USB flash drives? Tell us in the comments!

Image Credit: Cherries via

Related topics: Computer Security, USB Drive.

Affiliate Disclosure: By buying the products we recommend, you help keep the site alive. Read more.

Whatsapp Pinterest

Leave a Reply

Your email address will not be published. Required fields are marked *