PenDrive (USB) – is it a new threat?
Every reader is familiar with the PenDrive (USB) as a portable storage medium. It came to dominate the world of computers thanks to its universal connection (Universal Serial Bus), which continues to evolve (USB 1.0, USB 2.0, USB 3.0), with each newer version offering higher bus throughput. USB ports now reign not only in computers but are also widely used in smartphones and tablets. Devices connected to the bus are no longer just portable storage; they include a wide range of other peripherals (e.g., printers, scanners, keyboards, and mice, including wireless mice).
Just like the CD/DVD drives we use, PenDrives used to be read automatically by Windows operating systems. Thanks to the autorun.inf file placed in the root directory, the startup programs it named were loaded as soon as the device was inserted into the USB port. This file could contain sequences of system commands that were triggered automatically or, worse, entries that launched external applications. Sophisticated “programmers” would run such applications in the background, lulling the victim into a false sense of security.
The actions of the launched programs were limited only by the creativity of the attacker. One example is an application that copies predefined data (files) from the computer onto the PenDrive's own storage. All it takes is for the user, the victim, to allow access to their USB port. Data from the computer is then transferred to the PenDrive (USB) at whatever speed the USB port allows. Such a manipulated device was affectionately called a “leech” by specialists.
Today, such capabilities are typically blocked by default, and only deliberate action by the user acting as administrator can unlock this function, knowingly (in this case) exposing the system to the data-leakage risks described above.
How could this look today?
Now that USB ports are used not only by flash drives but also by other peripherals, such as network cards, one can imagine a specially prepared device with a built-in network card and its own driver. Inserted into a secured computer where autorun.inf is blocked by default, such a PenDrive may still appear “clean”, yet it could silently switch the computer to another network and, in extreme cases, hand over control of the entire computer or of an organization's entire IT system. It is also worth noting that no antivirus system will detect such a combination, as antivirus systems are not sensitive to hardware changes or replacements. From an electronics perspective, creating such a device and linking its functions is not difficult.
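A check a defender could run against the scenario above, as an added example rather than code from the article: on Linux, sysfs records the class of every USB interface, so a "pen drive" that also exposes a network-capable interface can be flagged for review. The sample tree and its vendor/product IDs are constructed for illustration; the class codes are the standard USB-IF base classes.

```python
import tempfile
from pathlib import Path

MASS_STORAGE = 0x08
# USB-IF base classes that can carry a network function
NETWORK_CLASSES = {0x02: "communications (CDC)", 0x0A: "CDC data", 0xE0: "wireless controller"}


def read(path):
    return path.read_text().strip() if path.is_file() else ""


def find_storage_with_network(root="/sys/bus/usb/devices"):
    """Return USB devices exposing mass storage plus a network-capable interface."""
    root, classes = Path(root), {}
    for iface in sorted(root.glob("*:*")):  # interfaces: <device>:<config>.<iface>
        raw = read(iface / "bInterfaceClass")
        if raw:
            classes.setdefault(iface.name.split(":")[0], set()).add(int(raw, 16))
    findings = []
    for dev, seen in sorted(classes.items()):
        net = sorted(seen.intersection(NETWORK_CLASSES))
        if MASS_STORAGE in seen and net:
            usb_id = read(root / dev / "idVendor") + ":" + read(root / dev / "idProduct")
            findings.append({"device": dev, "id": usb_id,
                             "network": [NETWORK_CLASSES[c] for c in net]})
    return findings


def build_sample_tree():
    """Constructed sysfs-like tree: a plain flash drive and a drive with a CDC interface."""
    root = Path(tempfile.mkdtemp())
    sample = {
        "1-1": {"idVendor": "aaaa", "idProduct": "0001"},
        "1-1:1.0": {"bInterfaceClass": "08"},
        "1-2": {"idVendor": "bbbb", "idProduct": "0002"},
        "1-2:1.0": {"bInterfaceClass": "08"},
        "1-2:1.1": {"bInterfaceClass": "02"},
    }
    for name, files in sample.items():
        (root / name).mkdir()
        for fname, value in files.items():
            (root / name / fname).write_text(value + "\n")
    return root


if __name__ == "__main__":
    for hit in find_storage_with_network(build_sample_tree()):
        print(hit)
```

Legitimate composite devices such as cellular modems also match, so a hit is a prompt for review rather than proof of tampering. A device that hides its network function behind the vendor-specific class (0xFF) would not be caught by this check.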
How to prevent it?
The matter seems quite simple. In the age of widely used cloud solutions, data centers, servers, etc., we need to ask ourselves: is there still a need for devices like PenDrives? Probably not.
From a technical perspective, cloud solutions achieve the same effect as PenDrives, while the security of our data, including its availability, is handled much more effectively.
Cezary Maślankiewicz
Cybersecurity Consultant at PBSG