Universal Serial Bus (USB) connectors made connecting devices to computers quick and easy. However, this convenience comes with risks as hackers have found that USBs make it easy to trick people into making devices vulnerable to attacks.
USB attacks require the purchase and use of potentially expensive hardware devices, but the benefits for the attacker can be many when an attack is successful.
Possible USB attacks include:
- A device called a USB killer sends a high-voltage zap into a computer. Once it is plugged in the computer stops working.
- A Rubber Ducky device looks like a USB drive but functions as a keyboard. When plugged into a computer, it takes over the keyboard and writes malicious programs that will compromise the system.
- The O.MG Cable is similar to the Rubber Ducky but is disguised as a charging cable.
- Juice-Jacking attacks are designed to transfer data to/from devices when they are plugged into USB charging ports provided at airports, hotels, or other public places.
- Regular USB memory storage devices that you just happen to find may contain malicious programs or documents. This is the oldest type of USB attack but is still viable and easily deployed.
Stay safe:
- Do not plug an unfamiliar USB device into your computer.
- Use your device’s charger and cable to charge your phone or computer.
- Say no to prompts that ask for permission to access your system when you charge your device.
- Be cautious when someone asks you to plug a USB device into your computer.
If you need help with an information security issue, submit a 6-TECH ticket, call (336) 256-TECH (8324), or email [email protected].
