Malicious USBs can allow attackers to obtain a user's passwords, access their devices, and even irreversibly damage their computer.
It's understandable that when people find a misplaced USB drive or memory stick, they want to find out what it contains. Human curiosity is what attackers exploit, after all. However, plugging an unauthenticated device into your own or work computer can be very dangerous, and USB flash drives are still a common way for attackers to infect computers with viruses and malware. They can damage your devices and data in seconds. If you think this can't happen to you, think again! You can find a malicious flash drive on the street, at school, or at work. The problem with USB security is more complex than ever, and the popularity of related threats has only been amplified through the growing presence of online video tutorials on making these devices and the increased availability of hardware. It's not just flash drives that we’re talking about here – other USB devices can also be infected, including seemingly innocent cables. In addition to the aforementioned case of “lost” USBs, there are also cases of malicious flash drives that people receive for free as promotional materials at conferences, job fairs, or other events. In a nutshell, malicious USB attacks can be broken down into the following steps: First, the attacker uploads malicious code to the USB device, which is executed when connected to a computer or when the user opens an infected file stored on the drive. If the user has antivirus installed on their device, the risk is greatly reduced – this is because an antivirus program can detect the malicious behavior and stop the attack. The second option is to set the hardware of the USB device so that the computer perceives it as a keyboard or webcam when connected. This makes it easier for an attacker to overcome security measures and infect the user's computer with malware. The most commonly used type of such malicious device is the so-called Rubber Ducky, which appears to be a regular USB drive but actually mimics a keyboard. When plugged into a computer, it can "press" predetermined keys and execute malicious code. Rubber Ducky also appeared in the second season of Mr. Robot, which portrayed Rami Malek as a young hacker. (If you're thinking about what to tune into tonight, this series is definitely worth a watch!) A malicious USB device can allow a victim to steal stored passwords, gain access to sensitive files, or directly open a backdoor to gain control of a device. In rare cases, it can even damage the device so badly that it can no longer be used. Malicious USBs can also be an effective way for cybercriminals to bypass some corporate security measures. They can use them to gain access to a computer, server, or an organization’s network. An attacker usually only needs to wait for an employee to voluntarily plug the device into their work computer.How do malicious USB attacks work?
What are the dangers of USB flash drives?
How to protect yourself from malicious USB devices