Skip to main content

Malware alert — don’t plug in that USB stick you found on the street

USB drop attack demo - Blackhat USA 2016
Be careful, that “found” USB drive may hold malware that’s just waiting for you to plug it in. Maybe you consider a found USB stick a chance to do a good deed by returning it to its owner — if you can discover who the owner is. Or maybe you’re curious and just want to see what’s on the removable storage drive. Whatever your reason for picking it up and plugging it in, that “lost” USB stick may be bait waiting for someone to hurt, according to Tom’s Hardware.

Google anti-abuse team researcher Elie Bursztein tested the effectiveness of using “lost” USB memory  to spread malware on a college campus. In Bursztein’s study, almost all of the USB sticks (97 percent) were picked up and almost half (45 percent) were plugged into computers where someone clicked on the stored files. In further testing, Bursztein found that USB sticks with labels such as “Exams” or “Confidential” were more likely to be opened than unlabeled drives while sticks with return addresses were less likely to be opened.

Recommended Videos

The threats from USB drives can come in several forms. HTML files or executable files stored on the drive could activate malware to infect the system in the background while running innocuous programs in the foreground. Users could be sent to a phishing site that would attempt to steal personal information. Alternately, activated code could search the computer’s files for personal credentials and then attempt to send them back to the hacker or to the cloud for later retrieval.

Please enable Javascript to view this content

USB devices that resemble memory sticks but are really keyboard spoofers could be programmed to allow remote access and signal a hacker that the computer is open and ready for whatever the hacker intends.

It’s also possible to use USB sticks to mount zero-day attacks that exploit known software vulnerabilities either before vendors patch the hole or before users download updates. According to Bursztein, zero-day threats are less likely to be spread with randomly “lost” USB sticks due to the cost and complexity of altering firmware. You are more likely to be hit with malicious files or to pick up a keyboard-spoofer.

In any case, the best advice is to resist the temptation to pop a “found” USB stick into your computer just to see what’s on it. Bursztein demonstrated how a USB drop attack could work at Black Hat USA 2016.

Bruce Brown
Bruce Brown Contributing Editor   As a Contributing Editor to the Auto teams at Digital Trends and TheManual.com, Bruce…
This 14-inch Dell 2-in-1 laptop is on sale with a $250 discount
Dell Inspiron 14 2-in-1 (7445) front view showing display.

Are you having trouble deciding between laptop deals and tablet deals for your next device? You don't have to choose between them if you go for the Dell Inspiron 14 7440 2-in-1 laptop, which you can get with a $250 discount from Dell right now. From its original price of $750, it's on sale for a more affordable $500, but we're not sure for how much longer. You're going to have to be quick with your purchase if you want to pocket the savings -- we recommend buying the 2-in-1 laptop immediately just to be sure.

Why you should buy the Dell Inspiron 14 7440 2-in-1 laptop
The Dell Inspiron 14 7440 is almost the same as the Dell Inspiron 14 7445, save for the components that power it. Instead of an AMD chip, the Dell Inspiron 14 7440 runs on the Intel Core 5 120U processor, alongside Intel Graphics and 8GB of RAM. These specifications will be more than enough for daily tasks such as browsing social media, watching streaming shows, and working on spreadsheets and documents. The device also comes with Windows 11 Home pre-installed in a 512GB SSD for ample storage space for your apps and files, and it has a dedicated key to launch Microsoft's Copilot if you need any help from the AI assistant.

Read more
Tourists are renting robotic legs to climb up a mountain
People hiking up a mountain.

For many vacationers, a trip might involve a challenging climb up a mountain for a spot of exercise and to enjoy the amazing views from the top, the sense of satisfaction enhanced by all of the effort expended to reach the peak.

But for some tourists taking on Mount Tai in Shandong, China, the required exertion seems like a waste of ... well ... energy. Especially when a pair of robotic legs can do the job instead.

Read more
Grok 3 launch confirmed as 10 times more powerful than previous model
Elon Musk and the xAI team launching Grok 3

Elon Musk and the xAI team announced the Grok 3 AI model in an evening live stream on Monday.

The team detailed that the new model is "a magnitude more capable" than Grok 2, indicating Grok 3 has 10 to 15 times more power than Grok 2. They also claim that Grok 3 is more powerful than its AI model competitors such as DeekSeek and Google Gemini.

Read more