Beware infected USB drives, computer security experts warn


4 photos
Save Story
Leer en español

Estimated read time: 3-4 minutes

This archived news story is available only for your personal, non-commercial use. Information in the story may be outdated or superseded by additional information. Reading or replaying the story in its archived form does not constitute a republication of the story.

SALT LAKE CITY — Computer security experts are warning the public of newer and sneakier ways that flash drives or USB drives have become infected with viruses and spyware.

They say computer users could infect their home computer, or a whole office computer network, and not even know it.

A Black Hat Security Conference is a gathering of hackers and computer security experts. Their latest subject is flash drives, also called USB drives or thumb drives.

They're very convenient: computer users can do a little work at home, put it on their flash drive, put it into their pocket, and plug it in at the office. But now, the security risk is again front-and-center at the latest Black Hat Security conference because of the risk they contain.

“It’s quite possible to use every single one of those devices to do something that could even bring down an entire corporate network. It’s very possible, yes,” said Jamie Forbush, president of Utah Data Recovery, a computer forensics company that recovers lost data from electronic devices.

He said he deals with disasters every day, and he's concerned about the damage that a USB drive infected by virus can do. Forbush said an infected drive can take over your computer, steal your personal information and anything else a hacker programs it to do.

“It can say, ‘Oh well, this computer is on this IP address. Here are all the codes on this computer to get into it.’ I mean, it can give a wealth of information, depending on how sophisticated they want to be,” he said.

Here's why security experts are very concerned: sophisticated hackers can bury malicious codes deep into a flash drive's controller chip. That means there's a strong chance antivirus software won't pick up on it.

Photo: KSL TV
Photo: KSL TV

“Now we’re talking about a very significant change. We’re talking about a piece of software versus a piece of hardware code. There’s nothing that antivirus can do to delete it or to take it and move it over into an area where it can’t be touched,” he explained.

Even if you've deleted everything on your flash card and reformatted it in hopes of digitally wiping it clean, Forbush said the attack code can remain hidden long afterwards, waiting to infect whatever computer the drive is plugged into.

“It’s there. It’s a piece of hardware and it will execute until it actually breaks in, does whatever type of damage it is designed to do,” Forbush said.

Since they're fairly cheap, Forbush and other experts warn hackers might simply drop infected drives in the street, hoping that curiosity will compel someone to pick them up and plug them into computers.

“So you really have to worry about the intrusions of that sort,” he said.

Forbush suggested computer users don't plug any USB drive that is not theirs into their computer, especially one that looks like it's been lost.

For sharing photos and files, computer users are better off using cloud services like DropBox or Google Drive, he said.

Photos

Related links

Most recent Utah stories

Related topics

Utah
Bill Gephardt

    STAY IN THE KNOW

    Get informative articles and interesting stories delivered to your inbox weekly. Subscribe to the KSL.com Trending 5.
    By subscribing, you acknowledge and agree to KSL.com's Terms of Use and Privacy Policy.

    KSL Weather Forecast