USB, Don’t Trust Anything

The Tip
We should all know by now to never insert an unknown USB drive into our computer or laptop. Sadly, researchers are finding more and more crafty ways that criminals are abusing the ‘Universal’ part of Universal Serial Bus. We now have to be careful with more than just USB drives.

The Detail

New research from Ben-Gurion University has exposed 29 types of USB attacks, and these also extend to your smartphone. These attacks can take many shapes and can range from an electrical surge being sent to your device, destroying it, to micro controllers essentially acting as invisible keyboards sending instructions to your computer or phone. There are many non-trivial USB-based attacks out there. They show that you should never use a USB charger you find lying around, and those convenient public USB ports you might find in airports and the like, don’t use those. Basically, criminals are using off-the-shelf products and easily re-purposing them. They are hard to spot. Unfortunately, the Universal aspect of USB means that any of these devices, even a simple looking charger, can be used as a gateway for introducing spyware, ransomware, power spikes, and more.

The general safe rule of thumb is to treat technology and USB devices of all kinds as something to not naturally trust. If you found food or drugs lying on the ground, you wouldn’t pick it up and ingest it. It should be the same with things like USB chargers or headsets or drives or whatever. You need to be just as cautious. It’s an unfortunate aspect of the technological times we live in.

If you have more questions about these topics, please contact UTS and we’d be happy to offer what guidance we can. There is also a wealth of information to be found using your favourite search engine.

Thanks to Chuck S. for pointing me to an article on TechRepublic for this weeks inspiration. If you have any suggestions for future weekly tips, please email verdonv@nipissingu.ca.