Menu

USB Drives Could Lead to Identity Theft

New research reveals that USB Flash drives, ubiquitous devices that provide reusable memory storage and plug into a computer’s USB port, present an easy way for identity thieves to target victims.

According to German security researchers, USB-connected devices can be reprogrammed to dupe your computer into believing it is another device, such as a keyboard or network card.

The effects are profoundly dangerous and could lead to identity theft, bank fraud and even extortion.

Get LifeLock protection now.

If you use a USB drive that has been reprogrammed to emulate a keyboard, for example, the device could quietly type in commands and quickly take control of your computer. A USB drive that has been reprogrammed as a network card can reroute your Internet traffic, allowing someone to spy on all of your activity. A USB drive could also be used to boot a virus, infecting you computer’s operating system.

Security Research Labs, home of the researchers who recently discovered USB drives’ major flaw, published a report explaining that the versatility of these devices is also its “Achilles heel.”

“Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing,” the report says.

The problem is particularly troublesome because antivirus and protection software cannot currently detect it.

Details of the findings were presented this August at Black Hat 2014 cybersecurity conference in Las Vegas.

Despite the vulnerable nature of USB Flash drives, there are some precautions you can take to minimize any risks that they pose.

Use Trusted USB Devices

Only use USB Flash drives that you know and trust. To minimize any chances of misplacing USB drives or accidently using an unfamiliar one, stay organized and choose a specific spot to store USB drives when they are not in use.

Purchase Secure USB Drives

Some newer models of USB drives have safety features such as fingerprint authentication. There is also the option of purchasing USB drives with built-in encryption. If the USB drives you currently use do not have this feature, you can use a downloadable encryption program such as PGP that will require that any information is decoded before being viewed.

Don’t Copy Sensitive Personal Information

Avoid putting personal information such as your Social Security number or bank account information on a USB device. If the device is lost or stolen, your sensitive information could fall into the hands of an identity thief.

Use Antivirus Software

Although antivirus software cannot currently detect a suspicious USB drive, keeping your computer up to date with the latest antivirus protection can help minimize the risk of a bad USB drive infecting your operating system.

4 Million Members and Counting

Testimonial-Casey

"I would compare LifeLock to having that big older brother."- Casey S.

Testimonial-jamie

"All of my personal information, even my social security card, was taken".- Jamie A.


Sign up in minutes,
protection starts immediately.

Start Your Membership