Does dropping malicious USB sticks really work? Yes, worryingly well…

[ChrisSmolinski]

Good samaritans and skinflints beware!

Plugging in that USB stick you found lying around on the street outside your office could lead to a security breach.

This is no secret, of course. We have all (hopefully) been aware of the dangers of inserting an unknown USB device into our computers for some time. Heck, the technique has even made it into the Mr Robot TV series.

But what may not be widely known is just how successful the tactic can be for allowing hackers to compromise your computer systems.

Research presented this week at BlackHat by Elie Bursztein of Google’s anti-abuse research team shows that the danger is alarmingly real:

…we dropped nearly 300 USB sticks on the University of Illinois Urbana-Champaign campus and measured who plugged in the drives. And Oh boy how effective that was! Of the drives we dropped, 98% were picked up and for 45% of the drives, someone not only plugged in the drive but also clicked on files.

Full article: http://www.tripwire.com/state-of-security/featured/does-dropping-malicious-usb-sticks-really-work-yes-worryingly-well/

[Josh]

Don't think this isn't lost on usb drive makers themselves. Imagine a "usb drive making country" embedding code to make the world go haywire on a certain date/time. Say just prior to a surprise attack. That being said, I'd connect a found usb drive to a linux sys and poke around in it to see what gives, then if I can't return it to its owner, format it and throw it on the pile with the rest. Also, I think this is how cia/mossad got stux into the Iranian centrifuge controllers, but they had a guy on the inside plug in the drive for them.

[Pigmeat]

Never underestimate curiosity and greed is the motto of all hucksters. It's the founding principle of our country's greatest learning institution, Trump University.

[Nella F.]

Plugging in that USB stick you found lying around on the street outside your office could lead to a security breach.

                              Sounds suspiciously like a 21st. century prank version of leaving small, skinny nails lying around on the street.  

[Pigmeat]

I knew a guy who was a seasonal construction worker. For entertainment he would superglue quarters to the sidewalk across the street from the window of his favorite bar, on a very busy corner.

He and the regulars would spend hours watching people try to get those things up with everything from their nails to hammers and cold chisels.

[redhat]

The old trick I was told was to leave a thumbdrive in the elevator with 'HR Files' written on it.  Apparently curiosity does indeed kill the cat

+-RH

[ka1iic]

I've seen USD coins in the top of wine thingie bobs and well... the poor things mutilated to h-band-box to get the $ off of them...  been there... done that... I have a drawer full of smacked out wine thingies that I picked off of lawn sale goodies... hah...  hey! .25c for a dollar is a profit right?

Crowe T Robot