That little thing that you stick in your computer to store or transfer data can also mean very bad news.
A USB device or “flash drive” can be reconfigured to work like a little thief. For instance, it can be made to mimic a keyboard and take instructions from the master thief to rip off data or install malware. It can be made to secrete a virus before the operating system boots up, or be programmed to alter the computer’s DNS setting to reroute traffic.
There’s no good defense for these kinds of attacks. The firmware on the USB devices can’t be detected by malware scanners. Biometrics are out because when the firmware changes, it simply passes as the user plugging in a new flash drive.
Cleaning up the aftermath is no picnic, either. Reinstalling the operating system doesn’t resolve the problem because the USB device from which installation occurs may already be infected. Other USB components inside the computer may be infected as well.
Whitelisting USB drives is pointless because not all have unique serial numbers. Plus, operating systems lack effective whitelisting mechanisms. Also, malicious firmware can pass for legitimate firmware.
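What a host can actually observe about an attached USB device, as an added example that is not part of the original article: this Python code reads the identifiers and interface classes Linux exposes under /sys/bus/usb/devices and flags storage devices that also declare a HID (keyboard-type) interface, devices with no serial number, and serials missing from an allowlist. The `review` function, the record layout, the sample records and the allowlist are constructed for illustration.

```python
from pathlib import Path

MASS_STORAGE, HID = 0x08, 0x03   # USB interface class codes

def _attr(node, name):
    try:
        return (node / name).read_text().strip()
    except (OSError, ValueError):
        return ""

def read_sysfs(root="/sys/bus/usb/devices"):
    """Linux only: collect what each attached device declares about itself."""
    root = Path(root)
    names = sorted(p.name for p in root.iterdir()) if root.is_dir() else []
    devices = {}
    for name in names:
        if ":" not in name and _attr(root / name, "idVendor"):
            dev_id = _attr(root / name, "idVendor") + ":" + _attr(root / name, "idProduct")
            devices[name] = {"id": dev_id, "serial": _attr(root / name, "serial"), "classes": set()}
    for name in names:                      # interface nodes such as "1-2:1.0"
        dev = devices.get(name.split(":")[0])
        if ":" in name and dev is not None:
            dev["classes"].add(int(_attr(root / name, "bInterfaceClass") or "0", 16))
    return list(devices.values())

def review(devices, allowlist):
    """Return [(device id, [findings])]. Every field is reported by the device's
    own firmware, so a clean result does not prove the firmware is unmodified."""
    report = []
    for dev in devices:
        findings = []
        if {MASS_STORAGE, HID} <= dev["classes"]:
            findings.append("storage device also declares a HID interface")
        if not dev["serial"]:
            findings.append("no serial number, cannot be allowlisted individually")
        elif (dev["id"], dev["serial"]) not in allowlist:
            findings.append("serial not on allowlist")
        if findings:
            report.append((dev["id"], findings))
    return report

# Constructed sample records (not captured from real hardware).
SAMPLE = [{"id": "aaaa:0001", "serial": "SN123", "classes": {0x08}},
          {"id": "aaaa:0002", "serial": "", "classes": {0x08, 0x03}},
          {"id": "aaaa:0003", "serial": "SN999", "classes": {0x03}}]
ALLOWLIST = {("aaaa:0001", "SN123")}

if __name__ == "__main__":
    print(review(read_sysfs() or SAMPLE, ALLOWLIST))
```

Because the vendor ID, product ID, serial and interface classes all come from the device itself, reprogrammed firmware can report whatever values it likes, which is why a check like this is an inventory aid rather than a defense.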
To prevent a bad USB from infesting a computer, the controller firmware must be locked down so that an unauthorized user cannot change it. USB storage devices must be able to prevent a cybercriminal from reading or altering the firmware. The device must also make sure that the firmware is digitally signed, so that if the firmware does become altered, the device will not interface with the altered firmware.
- Watch your USB drive – don’t set it down and make sure you keep track of it so it’s not lost or stolen.
- Disable auto-run – turn off auto-run on your computer so that if a USB drive has malware, it won’t automatically be transferred to your machine.
- Be careful who you share your USB drives with – be careful what computers you place your USB drive in and who you let borrow your USB drive.
- Use comprehensive security software – make sure your security software not only scans your computer for threats, but also any drives that are attached.