Caution-Free USB Drives
While attending a recent technology conference in Florida, we were somewhat shocked, bewildered and concerned by the sight of rather plain cardboard boxes positioned near the entrance to the conference tradeshow floor (pictured below) – offering Free USB drives.
The boxes were empty and USB drives are a common giveaway item at tradeshows. However, we couldn’t help but wonder if those who helped themselves to a free drive – had considered the possibility that these drives were loaded with PC crippling malware.
Unfortunately, no one has claimed responsibility and we have no way of knowing if the offer of these drives was simply an act of generosity, a social experiment or a malware trap.
However, our good friends at CompTIA recently published findings of a experiment with striking similarities:
CompTIA Cyber Secure:A Look at Employee Cybersecurity Habits in the Workplace
“Nearly one in five people who found a random USB stick in a public setting proceeded to use the drive in ways that posed cybersecurity risks to their personal devices and information and potentially, that of their employer, a recent experiment conducted on behalf of CompTIA, the IT industry association, revealed.”
“In the experiment, 200 unbranded USB flash drives were left in high-traffic, public locations in Chicago, Cleveland, San Francisco and Washington, D.C. In about one in five instances, the flash drives were picked up and plugged into a device. Users then proceeded to engage in several potentially risky behaviors: opening text files, clicking on unfamiliar web links or sending messages to a listed email address.”
“Notably, consumers’ technology literacy was not a determining factor for whether a USB stick was picked up or not.”
Read more on the CompTIA social experiment here: https://www.comptia.org/resources/cyber-secure-a-look-at-employee-cybersecurity-habits-in-the-workplace?cid=download
Found thumb drives: another way employees are a security menace | By Henry Kenyon | Jun 30, 2011
221 total views, 2 views today
I will never use a flash-drive unless I have personally bought it.
Jim Glennaalann did i say i found "a lot"? those words weren't anywhere in my post so i did not say such a thing. i have found a few and did indeed destroy them. nice try you trolling plonker.
Jim Glennaalann did i say i found "a lot"? no, those words were not anywhere in my post so i did not say such a thing. nice try troll.
If a box was left as seen in the picture then security at the
conference was non-existent and in these times unforgivable.
If you have a Windows PC, hold done the shift key when you insert the drive until it is recognized, it prevents any auto-run. Then do a full format. Wouldn’t that also prevent any infection?
Just do what I do- run a Linux machine, and reformat. Piece of cake!
You find alot of flashdrives? Where??
when i find one, i destroy it and pray that whoever dropped it was wise enough to back up their files. sure, it may sound cruel at first glance, but when you think about the possibility that it may be a trojan horse, ignoring it in hopes that its owner will return may just be putting someone else's security at risk. because you never know who's gonna come behind you at some point and pick it up, thinking they just scored. especially if it's of substantial storage size!
@Arizona Marek:
If you find a USB drive, couldn’t you pop it in a linux machine and format it…safely?