If you think that your “flash drive” or that little USB drive that you use for transferring or storing your files is safe from hackers, think again! Experts have warned that the device can be configured by hackers to mimic a keyboard and then take instructions from the data thief to rip off crucial data or even install malwares on your computer.
The USB drive can also be tampered with to secrete a virus just before the OS of your computer boots up, or can be programmed in such a way that it alters your computer’s DNS setting for rerouting web traffic.
So far, there has been no effective means to prevent such kinds of attacks. The root of the problem is that the firmware that comes along with the USB devices cannot be detected even by malware scanners. Biometrics are not useful either because when the USB firmware changes, it simply passes off as a normal user plugging in a new pen drive.
Clean up work is not a joyful experience, either. Reinstalling your OS won’t resolve the issue because the flash device, from which installation happens, could be infected already. So are also the other USB components that are within your computer.
Whitelisting the USB pen drives is quite pointless as not every one of them comes with unique serial number. In addition, most operating systems don’t have effective whitelisting systems.
Now, if you want to prevent an infected USB from prowling your computer, the best you could do is lock down the controller firmware, which is unchangeable by unauthorized user. USB devices should be able to prevent criminals from entering or reading or altering your USB firmware. USB drives should have a firmware that is digitally signed.
Here are some security tips for using USB drives:
- Keep a watch on your USB drive. Make sure it is not lost or stolen.
- Always disable auto-run. It is advisable to turn off the auto-run feature on your computer. This will prevent the USB device from transferring any malware to your system automatically.
- Be careful while sharing USB drives. Just as you are careful on whose computer you plug in your USB drive, you should also be careful about with whom you are sharing it.
- Use reliable security software. You should make sure that your software scans not only computer for threats, but it should be able to detect threats that come with the drives.