Skip to main content
ID Theft Resources

USB Drives Could Lead to Identity Theft

Written by Renee Morad for NortonLifeLock

New research reveals that USB Flash drives, ubiquitous devices that provide reusable memory storage and plug into a computer’s USB port, present an easy way for identity thieves to target victims.

According to German security researchers, USB-connected devices can be reprogrammed to dupe your computer into believing it is another device, such as a keyboard or network card.

The effects are profoundly dangerous and could lead to identity theft, bank fraud and even extortion.

Get LifeLock protection now.

If you use a USB drive that has been reprogrammed to emulate a keyboard, for example, the device could quietly type in commands and quickly take control of your computer. A USB drive that has been reprogrammed as a network card can reroute your Internet traffic, allowing someone to spy on all of your activity. A USB drive could also be used to boot a virus, infecting you computer’s operating system.

Security Research Labs, home of the researchers who recently discovered USB drives’ major flaw, published a report explaining that the versatility of these devices is also its “Achilles heel.”

“Since different device classes can plug into the same connectors, one type of device can turn into a more capable or malicious type without the user noticing,” the report says.

The problem is particularly troublesome because antivirus and protection software cannot currently detect it.

Details of the findings were presented this August at Black Hat 2014 cybersecurity conference in Las Vegas.

Despite the vulnerable nature of USB Flash drives, there are some precautions you can take to minimize any risks that they pose.

Use Trusted USB Devices

Only use USB Flash drives that you know and trust. To minimize any chances of misplacing USB drives or accidently using an unfamiliar one, stay organized and choose a specific spot to store USB drives when they are not in use.

Purchase Secure USB Drives

Some newer models of USB drives have safety features such as fingerprint authentication. There is also the option of purchasing USB drives with built-in encryption. If the USB drives you currently use do not have this feature, you can use a downloadable encryption program such as PGP that will require that any information is decoded before being viewed.

Don’t Copy Sensitive Personal Information

Avoid putting personal information such as your Social Security number or bank account information on a USB device. If the device is lost or stolen, your sensitive information could fall into the hands of an identity thief.

Use Antivirus Software

Although antivirus software cannot currently detect a suspicious USB drive, keeping your computer up to date with the latest antivirus protection can help minimize the risk of a bad USB drive infecting your operating system.

Editorial note: Our articles provide educational information for you. Norton LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Start your protection,
enroll in minutes.