What Is a USB Attack and How to Prevent It
Can you get a virus from plugging in a USB? Most definitely. Is there a way to stay safe while plugging in a USB to your device? Absolutely.
USB keys are really versatile and often the default tool to share files and charge our devices. But while we casually use them, USBs have actually been involved in a number of high-profile security scandals.
For instance, did you know USB drives were once banned from the US Defense Department offices after one infected their computer system with a virus? This ban was later lifted, leading to infamous whistleblower Edward Snowden stealing NSA’s dark secrets on a thumb drive and sharing his findings with the world. And these are just two memorable examples out of many other USB-related scandals.
But let’s focus on your USB safety. Here, Clario will teach you how to prevent USB-based attacks and still keep using flash drives.
What is a USB attack?
This one is simple. A USB attack is pretty much any transmission of malicious software via a USB device. There are at least 29 different types of USB malware attacks capable of being carried out in many different ways. Here are the most common ones:
- Through USB drives. A USB can accidentally download an infected file from someone’s laptop, then transfer it to yours. Or a USB drive can be purposefully infected, then either directly or indirectly handed to you. Like, dropped in a parking lot for you to find it (it’s called a USB drop attack and is more popular than you’d imagine).
- Through USB ports in charging devices or stations. This is called juice-jacking, and there isn’t any information or guidance on how to protect a USB from the virus in this situation. The only way to stay safe is to avoid using public charging stations. Just carry a regular plug-in charger with you or keep a spare power bank on your person at all times.
What are the threats?
There are quite a few ways an infected USB key can compromise your safety:
- Malicious USB software can allow a hacker to control your device
- A third-party can acquire access to your webcam, microphone, or keyboard
- Hackers can steal your personal information or erase random data on your device
- An infected USB drive can even destroy your hardware
One of the most infamous and dangerous USB drop attacks is called Stuxnet. Once it infected software at industrial sites in Iran, including a uranium-enrichment plant. And well, the Iranese government systems were probably using cybersafety software. Still, a maliciously dropped USB stick managed to crawl its way into the system.
How does a USB virus attack devices?
There are plenty of ways! Attackers can pretty much use anything USB-related to transfer malicious software to you.
Though, we can name three main types of USB malware attacks:
- Malicious code is the most common USB attack. Once a user clicks on a file on a shady USB drive, it launches malicious code to download malware from the internet.
- Social engineering. Once a user opens the necessary file on a malicious USB stick, the person is redirected to a phishing site designed to trick them into typing personal information and credentials (email password, credit card details, etc.)
- HID or Human Interface Device spoofing. Designed like a USB drive, this hardware tricks users’ computers into thinking it’s a keyboard. Once plugged in, it commands the device to grant remote access to hackers. Crazy, right?
How to prevent bad USB attacks?
First of all, remember you are in charge of your safety, so follow these basic rules to stay secure:
- Keep personal and work-related USB sticks separately
- If you don’t know where the USB drive is coming from, don’t use it
- Occasionally change and update your USB keys
- Regularly scan your USB drives and devices with an antivirus
- Disable autorun features on all your devices (this will prevent any unknown files from launching without you knowing or giving permission)
- If you really need to get information from an unknown USB source, plug it into some sort of buffer device and scan it for malware
- If you have already plugged a suspicious USB drive in, immediately disconnect from the internet to prevent any downloads and restart your device
- Or avoid using USB sticks at all times! Just kidding. Get quality antivirus software instead.
* * *
If it’s predictable, it’s preventable. Now you know USB security tricks, you should be able to keep away from potential threats. And your antivirus will take care of the rest. Speaking of which, we have dozens of articles on anti-malware protection and cybersecurity on our blog. Keep reading and stay protected.
We’d like to stay in touch.
We’ve got something special to share! Enter your contact details below to be among the first to find out about the exciting changes we’ve got in the works as well as to receive special promotions.
Thanks for your subscription!
You’ll be the first to know about our updates. Please keep an eye on your mailbox.