Skip to main content

Security researchers warn against plugging in lost, random USB flash drives

The external storage space has been dominated by USB flash drives for nearly two decades now. While the storage capacity of USB flash drives has drastically increased over the period, they continue to remain subject to several security risks, primarily due to their small form factor, portability, and ease of access.

Security experts warn that hackers consider USB flash drives as a carrier of the malware payload. In fact, they can also be used to smuggle data out of companies and disrupt company operations.

Security researchers have a piece of advice for users to prevent falling prey to various cyberattacks: If you stumble upon a lost flash drive, either hand it over to the authorities or drop it off at the lost and found but never ever plug it into your computer!

“Unfortunately, cybercriminals often use a “lost” flash drive as a social engineering tactic, hoping that their targets will do just that. Since the person plugging the drive in has no idea what it contains, it might be opening Pandora’s box,” researchers warn.

USB Flash drives often serve as a bridge for malware making their way into your computer. In case of a ransomware dropper, it could lock you out of your computer and steal sensitive data.

In the past, Stuxnet malware is believed to spread via malicious USB flash drives. Similarly, BadUSB malware could have allowed hackers to gain control of computers, spy on users, and steal sensitive data.

If it somehow installs a keylogger application on your device, it could snoop on your keystrokes, enabling hackers to your social media, email, and Internet banking credentials.

“To start, you should always keep your devices patched and updated to the latest versions of the operating system and software available. Using a reputable and up-to-date endpoint security solution is also advised since it can protect you from many of the risks posed by malicious USB sticks as well as other threats,” researchers advice.

Security experts also advise users to disable the Autorun feature so that your device won’t open any USB drive. Using an endpoint security solution to run a scan on the drive can help.