Cyber Security Researchers Warn Consumers About the Inherent Dangers of USB Sharing
Although most techies have known for a while that USB flash drives can transfer malware onto devices, the average computer user has no problem using their friend's USB drive to store and transfer files, and most people don't think twice about letting someone use their computer's USB port to charge a smartphone. However, according to cyber security researches, all USB storage drives have an inherent flaw built into them. What is that flaw you may ask?
Any device that connects to a computer via USB can theoretically trick the computer into thinking it is another device entirely. In other words, with a little bit of programming, a standard USB drive could easily pose as a network card to capture internet activity, or pose as a keyboard to input commands and stealthily take control of an operating system.
Okay, But What Are the Chances Someone Would Give You An Infected USB Drive?
So you probably don't have a direct relationship with a hacker or computer engineer that is capable of reprogramming a USB device, but it is important to realize that the problem is much bigger than “second-hand” exposure.
Malware has a way of spreading from one device to another via network connections, and even more alarming is the fact that a smartphone loaded with a malicious app can infect your computer via USB. This might make you think twice the next time someone asks if they can charge their phone using your laptop's USB port.
Isn't this a Problem That Has Been Known About For A While?
Although the fact that the information on USB flash drives can be spoofed is nothing new to the tech community, most consumers are completely unaware of just how easy it is for malware to get from one device to another within a local network or via the USB port. According to CNNMoney, researchers at SRLabs are expected to explain the flaw in detail at next week's Black Hat security conference in Las Vegas.
They've already tested several types of flash drives and Android phones, and although they have not yet tested the exploit on iPhones, there really is no reason to, because we can say without a doubt that ALL USB devices are capable of posing as another device. That is the the nature of the Universal Serial Bus (USB) – it is universal, meaning it is compatible with all types of devices.
Won't Antiviruses Stop this Type of Threat?
No, and that's the most pressing concern about this issue. USB spoofing, or duping as it is sometimes called, is not recognized as a form of malware by any antivirus software because technically it is not a virus, its just one device posing as another. For this reason, as of right now there really aren't many preventative measures that can be taken to completely safeguard a computer from infection via USB, other than boycotting the use of USB drives and USB-connected devices altogether.
In fact, since 2008 the U.S. Military has disabled all of its computer's USB drives and has banned the use of any flash drives to prevent government computers from being compromised. This is all very unfortunate news, considering the new Type-C reversible USB cable is expected to gain popularity fast in the next couple years. If you'd like to learn more about USB security, we recommend this USB flash drive security Wiki page as a starting point.