A word of advice: don’t trust USBs that you don’t know. Generally speaking, don’t just openly trust technology.
By now, you’ve heard that you should never plug in a USB Flash Drive that you don’t own. If you’ve been following along on our blog, you may have seen our post about it last year.
By 2018, the USB game has evolved. We used to just worry about computers, but now we have to be concerned about our smartphones, too. A new research study from Ben-Gurion University of the Negev in Israel has exposed 29 types of USB attacks. These attacks can be carried out by a variety of methods including plugging into a public USB port or using a USB charger.
Tech Republic spoke with one of the researchers, Ran Yahalom, about the study.
Yahalom said, “We surveyed 29 attacks, updated last year. New methods of likely developed and published attacks increase that number. The microcontroller, a reprogrammable microcontroller used to impersonate peripherals as well as an actually the firmware update. Academic circles call this ‘bad USB.’ It’s a family of attacks based on reprogramming the firmware.”
He went on to add, “If you go into a coffee shop and use charger there, or an airport or a train tstation, any charger that is not your own, you don’t know what that piece of hardware really does,” Yahalom emphasized. “It may not be a charger, but a microcontroller hidden inside a charger casing. It could be something else. You don’t know. Once put into your phone, anything could happen.
I demonstrated how to connect a keyboard to a phone. But it doesn’t look like a keyboard, it looks like a charger, but it’s actually a microcontroller I reprogrammed. I programmed it to act as a keyboard, so it impersonates a keyboard and it looks like a charger. It’s connected to the socket, but without an electrical part of that charger, it’s just a microcontroller. I showed how to connect it to and lock the phone, a sort of ‘ransomware.'”
Yahalom made a fabulous point that illustrated how we should truly view technology.
“The general rule of thumb is: treat technology as something you don’t naturally trust. As users, we have a tendency to trust technology, to trust peripherals, i.e., you trust your flash drive, you trust your keyboard, but you trust it because you’re not aware. Treat it as a syringe: You wouldn’t find a syringe in the parking lot, pick it up, and inject it to yourself. Because you’re aware you could be infected. You have no knowledge of what could happen, but are afraid because it could be dangerous. This is exactly the same thing.”
Keep a few things in mind…
Bring your own charger.
Use your own hardware.
Don’t trust Wi-Fi networks.
Don’t trust technology.
To read more about these 29 USB attacks, this article on Bleeping Computer will get you up-to-speed.
Be sure to subscribe to our newsletter to stay up-to-date on any technology news.