Don’t buy USB gadgets this holiday season

My wife just told me about someone in her company who bought USB-powered hand-warming gloves. I cringed.

I am insanely suspicious of all USB-powered devices. I won’t let them near my computer. Why?

BadUSB, that’s why.

There’s a fun new exploit loose in the world. Some smart folks have figured out that there’s a re-writable chip inside millions (billions?) of cheap, USB devices. The devices can be re-written to do … just about anything.

Ripping from yesterday’s headlines, here’s a reddit story regarding a system administrator who tracked down a data breach to a USB-powered e-cigarette charger.

Imagine a device that behaves like a USB thumb drive one minute, then when you walk away and the computer is idle, becomes a completely different device capable of rummaging around inside all your files?

Maybe the device causes the PC to reboot, and then boots off a hidden partition on the thumb drive in order to truly ransack your PC’s contents, sending the found data off to who-knows-where.

Maybe it infects your PC with a virus that encrypts every file on your computer and ransoms you for the decryption keys. Crazy? Not at all. It’s probably happening to someone right now.

For many years, extremely security-conscious companies have had their IT staff fill in USB ports with glue guns, or disable the USB devices entirely. They used to look like crazy tinfoil hat people. Not anymore.

Bottom line, be aware and be wary of USB drives handed to you. USB sticks have been a great way to share files in the past. But with this new exploit in the wild, you should no longer trust USBs of unknown origin.

Advertisements

Published by

Larry Silverman

Larry Silverman is a father and husband, software developer, small-business owner, DIY tinkerer, occasional musician, continuous learner, free thinker, despiser of yard work and comma abuser.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s