USB drives can save a large amount of data, which can be transferred really quickly. But have you ever stopped to consider the security risks from just plugging it in?
“Can I charge my phone on your computer?”
That seemingly harmless favour that you might grant a colleague or even stranger, could be the reason your PC gets infected with dangerous viruses or malware. It’s even possible to compromise your most closely guarded online passwords – such as your internet banking credentials.
In this video on BBC News, Berlin based researcher Karsten Nohl, demonstrates how an ordinary Android phone, can be used as a keylogger. It records keystrokes secretly when connected to a PC.
In the demonstration, he manages to easily steal a user’s Paypal login details (fake details were used for the purposes of the demonstration).
The take home message from this demonstration is that you are trusting implicitly any unknown device when you connect it to your computer via USB. Of course, you know that your own devices are safe if you have never lent them to anybody else.
Whose device can you trust?
If you do not know and trust the device you are connecting to your computer via USB, then do not let it connect. It could potentially track any changes you make, or carry out any action that you could do all by saving information.
In the demonstration by Karsten Nohl, the Android phone was programmed to trick the computer into treating it as a network card. The phone was then able to redirect internet traffic to false websites designed to capture users’ information.
Found a USB? Don’t snoop!
Did you find a USB somewhere in your office building?
What about on the streets outside the office?
It is lost and the likelihood of it’s owner finding it again is minimal. Do not be tempted to find out whose device it is by plugging it in to your device.
Even USB devices that aren’t connected to the internet (as the phone was) can change settings on your computer and carry out actions that you would not wish them to.
You wouldn’t download a malicious document e-mailed to you, so why open a foreign object on your computer?
It could contain a virus or be a keylogger, collecting passwords, credit card information and more. A hacker may have planted it in your building for someone to find, you never know.
Watch out for your work device, as viruses can potentially access business data.
“When you connect an unknown device via USB, you are potentially trusting it as the new user of your computer.”
Keep this in mind when connecting devices via the USB ports on your computer!
So what do we recommend instead?
If you are dealing with work files a cloud-based solution might be more suitable than using a USB.
The risks of losing a USB device with confidential data are high in the current GDPR climate, with data breaches resulting in large fines.
With cloud-based technology, your data is stored securely on a File Share and Sync system (FSS), such as Autotask Workplace. This platform allows users to access data on any device with an internet connection, using a safe login and two-factor authentication.
When you join Netstar, you’ll be introduced to our security best practices during our onboarding process. We are always on hand to provide expert advice especially on security issues.