Cyber Security – Are you protected against USB drives from all sources?

Here’s important cyber security news from Bryce Austin of TCE Strategy about something we rarely give a second thought to – USB storage devices:

“This has been a very exciting month in the world of cybersecurity!

… the USA Secret Service has a bit of egg on its face after inspecting a USB drive from a Chinese national who was arrested inside President Trump’s Mar-a-Lago resort. The USB drive immediately began installing malicious files on the computer it was plugged into (USB drives are a well-known vulnerability, as the act of plugging them in is enough to allow files to be executed on a computer using exploits called BadUSB and USBHarpoon). Details about the particular Secret Service computer that was used to examine the USB drive in question have not been released. If that computer was stand-alone (no network, no Internet, no connections to anything other than a keyboard, monitor and mouse), then the Secret Service followed basic cybersecurity best practices. An even better idea would have been to use specialized equipment that is not a true fully-functioning computer, but rather a piece of hardware specifically designed to interrogate USB drives without risk of infecting a traditional computer operating system. If the USB drive in question was plugged into a networked computer, then it would be a breach of the most basic of cybersecurity protocols. I have had the honor of speaking at Secret Service events in the past, and I’m choosing to take the stance that the Secret Service likely followed reasonable cybersecurity protocols, and that this issue is being overblown. It would be in the public’s best interest for more details to be released so that private companies can learn from this event.

In addition to a cybersecurity-focused publication (Ars Technica), I’ve included two articles below from larger media outlets (USA Today and Fox News). It is regrettable that best practices when handling USB drives receive so little attention.

The takeaway from this event is simple: don’t plug in USB drives without having a good, strong history as to where they have been and who has used them. Think of USB drives like prescription drugs – do you really want to swallow a pill that you aren’t 99.999% sure is what it claims to be? Of course not. Don’t let your computer swallow a poison pill either. Throw out USB drives that have any reasonable chance of being infected with malware.

https://arstechnica.com/tech-policy/2019/04/chinese-woman-arrested-at-trump-resort-had-hidden-camera-detector-8000-in-cash/

https://www.foxnews.com/us/woman-arrested-at-mar-a-lago-club-with-2-chinese-passports-malware-feds-say

https://www.usatoday.com/story/news/politics/2019/04/03/mar-lago-arrest/3356751002/

https://www.bleepingcomputer.com/news/security/usbharpoon-is-a-badusb-attack-with-a-twist/

Until next month, stay safe!”


About Bryce Austin:

Bryce Austin, CEO of TCE Strategy, provides CIO and CISO advisory level services and is a keynote speaker around the globe. Please click here to talk to Bryce about how he can help your organization.
