New research reveals that USB Flash drives, ubiquitous devices that provide reusable memory storage and plug into a computer’s USB port, present an easy way for identity thieves to target victims.
According to German security researchers, USB-connected devices can be reprogrammed to dupe your computer into believing it is another device, such as a keyboard or network card.
The effects are profoundly dangerous and could lead to identity theft, bank fraud and even extortion.
If you use a USB drive that has been reprogrammed to emulate a keyboard, for example, the device could quietly type in commands and quickly take control of your computer. A USB drive that has been reprogrammed as a network card can reroute your Internet traffic, allowing someone to spy on all of your activity. A USB drive could also be used to boot a virus, infecting you computer’s operating system.
Security Research Labs, home of the researchers who recently discovered USB drives’ major flaw, published a report explaining that the versatility of these devices is also its “Achilles heel.”
“Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing,” the report says.
The problem is particularly troublesome because antivirus and protection software cannot currently detect it.
Details of the findings were presented this August at Black Hat 2014 cybersecurity conference in Las Vegas.
Despite the vulnerable nature of USB Flash drives, there are some precautions you can take to minimize any risks that they pose.
Use Trusted USB Devices
Only use USB Flash drives that you know and trust. To minimize any chances of misplacing USB drives or accidently using an unfamiliar one, stay organized and choose a specific spot to store USB drives when they are not in use.
Purchase Secure USB Drives
Some newer models of USB drives have safety features such as fingerprint authentication. There is also the option of purchasing USB drives with built-in encryption. If the USB drives you currently use do not have this feature, you can use a downloadable encryption program such as PGP that will require that any information is decoded before being viewed.
Don’t Copy Sensitive Personal Information
Avoid putting personal information such as your Social Security number or bank account information on a USB device. If the device is lost or stolen, your sensitive information could fall into the hands of an identity thief.
Use Antivirus Software
Although antivirus software cannot currently detect a suspicious USB drive, keeping your computer up to date with the latest antivirus protection can help minimize the risk of a bad USB drive infecting your operating system.