Turning USB Sticks into Weapons of Mass DestructionBy Channel Insider Staff | Posted 2011-02-17 Email Print
Re-Thinking HR: What Every CIO Needs to Know About Tomorrow's Workforce
News Analysis: Viruses, worms and malware can be transmitted in many ways, and perhaps the most insidious is the USB stick.
This story starts at the Washington, D.C., Auto Show, which is held at the end of January each year. While I was at the show, one of the people at the Land Rover display handed me a USB memory stick. I assumed that it contained a brochure or something similar, so I put it into my pocket and took it home. There, I promptly forgot about it.
Fast forward a few days and the device appeared on my desk, so I did what you're not supposed to do, and plugged it into my USB port, assuming that Norton would block any bad stuff. Apparently there wasn't any bad stuff, but what alarmed me was that this USB memory didn't appear on my desktop as a removable drive—it simply launched a video showing me a new model of the Range Rover. I couldn't detect the device as a removable drive, so I couldn't reformat it for some other use. Instead, I tossed it into the trash before the video got going.
The reason this alarmed me is that it demonstrated how easy it is to insert and execute software, good or bad, without the user knowing. Had this same USB memory module contained Stuxnet, my computer might have been infected. This is exactly what happened a couple of years ago in Iran when the Israeli Defense Forces quietly planted some USB memory sticks in places frequented by Iranian nuclear engineers. Like everyone else, they popped the devices into their computers and the rest is history.