Even if you know the company it came from, a flash drive can bypass all the security on your computer.

I was reading this rather technical article and got spooked (http://www.ciscopress.com/articles/article.asp?p=1636214). If you want to read all the tech stuff, make sure and go through all the links in the Contents.

The basic concept is that the program that runs from the flash drive creates a fake USB keyboard (that you have no idea exists). Then the program can use the fake USB keyboard to open a command window and type in commands. The fake USB keyboard acts like your fingers on your keyboard and tells the computer to do things.

The article talks about how Hyundai came up with a cool marketing tool that allows the computer to go straight to a website once the flash drive is inserted. In this case, it is a very benign event. Nothing too dangerous, just a website for loyal customers.

The article continues to talk about how this same solution could be used to run programs on your computer (and do bad things) or take you to a website that does bad things to your computer.

And don’t forget the time the American Dental Association recently sent some bad stuff out on a flash drive (http://krebsonsecurity.com/2016/04/dental-assn-mails-malware-to-members/) by accident.

So… think twice before you insert that USB drive!

Post comment