Tags Malware

What Is a USB Attack and How to Prevent It

Can you get a virus from plugging in a USB? Absolutely. USB keys are really versatile and often the default tool to share files and charge our devices. But while we casually use them, USBs have actually been involved in a number of high-profile security scandals. Mobile devices could also be at risk—install Clario Anti Spy and run a Device system check to minimize the chances of getting your phone infected.

Get Clario

Get it for iOS, Android

Table of contents

How Serious Are USB-Attacks?

Did you know USB drives were once banned from the US Defense Department offices after one infected their computer system with a virus? This ban was later lifted, leading to infamous whistleblower Edward Snowden stealing NSA’s dark secrets on a thumb drive and sharing his findings with the world. And these are just two memorable examples out of many other USB-related scandals.

But let’s focus on your USB safety. Here, Clario Anti Spy will teach you how to prevent USB-based attacks and still keep using flash drives.

What is a USB attack?

This one is simple. A USB attack is pretty much any transmission of malicious software via a USB device. There are at least 29 different types of USB malware attacks capable of being carried out in many different ways. Here are the most common ones:

Through USB drives. A USB can accidentally download an infected file from someone’s laptop, then transfer it to yours. Or a USB drive can be purposefully infected, then either directly or indirectly handed to you. Like, dropped in a parking lot for you to find it (it’s called a USB drop attack and is more popular than you’d imagine).
Through USB ports in charging devices or stations. This is called juice-jacking, and there isn’t any information or guidance on how to protect a USB from the virus in this situation. The only way to stay safe is to avoid using public charging stations. Just carry a regular plug-in charger with you or keep a spare power bank on your person at all times.

USB threats aren't just a security issue on desktops. Mobile devices now support USB drives, so your phone could also be at risk. The best way to stay protected is by ensuring your iPhone or Android is running the latest and most secure version of the system software. An anti-spyware solution like Clario Anti Spy can help with that.

Here's how to run a Device system check with Clario Anti Spy:

Download and Clario Anti Spy and subscribe to create an account.
Tap Scan under Device system check.
Wait until the scan to complete and follow the instructions to resolve any security issues.

These Clario app screenshots show how to run a Device System Check to protect your iPhone or Android from potential USB attacks. — **Steps 1-3: Run a Device System Check with Clario Anti Spy to protect your phone.**

Clario Anti Spy also comes with more tools to keep your device secure. Don't miss out on the Anti-spy setup to enhance privacy across all areas and the Data breach monitor to receive alerts if your email or password is compromised. If you need help, tap the Messages icon to connect with a security expert 24/7.

What are the threats?

There are quite a few ways an infected USB key can compromise your safety:

Malicious USB software can allow a hacker to control your device
A third-party can acquire access to your webcam, microphone, or keyboard
Hackers can steal your personal information or erase random data on your device
An infected USB drive can even destroy your hardware

One of the most infamous and dangerous USB drop attacks is called Stuxnet. Once it infected software at industrial sites in Iran, including a uranium-enrichment plant. And well, the Iranese government systems were probably using cybersafety software.

Still, a maliciously dropped USB stick managed to crawl its way into the system.

How does a USB virus attack devices?

There are plenty of ways! Attackers can pretty much use anything USB-related to transfer malicious software to you.

Though, we can name three main types of USB malware attacks:

Malicious code is the most common USB attack. Once a user clicks on a file on a shady USB drive, it launches malicious code to download malware from the internet.
Social engineering. Once a user opens the necessary file on a malicious USB stick, the person is redirected to a phishing site designed to trick them into typing personal information and credentials (email password, credit card details, etc.)
HID or Human Interface Device spoofing. Designed like a USB drive, this hardware tricks users’ computers into thinking it’s a keyboard. Once plugged in, it commands the device to grant remote access to hackers. Crazy, right?

How to prevent bad USB attacks?

First of all, remember you are in charge of your safety, so follow these basic rules to stay secure:

Keep personal and work-related USB sticks separately
If you don’t know where the USB drive is coming from, don’t use it
Occasionally change and update your USB keys
Regularly scan your USB drives and devices with an antivirus
Disable autorun features on all your devices (this will prevent any unknown files from launching without you knowing or giving permission)
If you really need to get information from an unknown USB source, plug it into some sort of buffer device and scan it for malware
If you have already plugged a suspicious USB drive in, immediately disconnect from the internet to prevent any downloads and restart your device
Or avoid using USB sticks at all times! Just kidding. Get quality antivirus software instead.

Conclusion

If it’s predictable, it’s preventable. Now you know USB security tricks, you should be able to keep away from potential threats. And your antivirus will take care of the rest. However, don't forget your mobile devices—install Clario Anti Spy to make sure your phone's system software is safe and secure.

By Mary Atamaniuk

Updated: Apr 18, 2022

10 min read

Updated: Apr 18, 2022

10 min read

A digital content writer passionate about tech, marketing, and cybersecurity.