Your IP: Unknown · Your Status: Unprotected Protected
Blog News

USB fans at North Korea summit lead to cybersecurity scare

Jun 13, 2018 · 2 min read

USB fans at North Korea summit lead to cybersecurity scare

As political analysts weigh the outcome of the unprecedented Trump-Kim summit in Singapore, many have missed a small but fascinating glimpse at a common malware threat used by everyone from common hackers to national intelligence agencies. You may have heard of it – it’s called a USB drive!

Journalists attending the North Korea – U.S. summit were handed a grab-bag of goodies from North Korea. These included a bottle of water, a hand-held fan with the face of Kim Jong-Un, and a guide to the island of Sentosa where the summit took place. The highlight of the grab-bag, however, was a small electric fan that journalists could plug into their laptops for a delightful breeze while they worked.

Cybersecurity analysts, however, were quick to warn journalists against plugging the fans in. USB drives are a common and fairly powerful way to distribute malware.

USB malware is dangerous because the possibilities for what it can do are almost endless. In addition, the malware can be difficult or impossible to detect because it’s located on a USB device that may block your computer from seeing how it works and fool it into thinking that it’s a different device than what it actually is. Here are a few examples of what USB malware can do:

  • It can record your keystrokes and send them to outside observers (passwords, messages, etc.);
  • It can send your files to outside observers;
  • It can monitor online and offline traffic;
  • It can infect your computer with a virus while you’re still booting it up;
  • It can hide in seemingly simple and unexpected devices, like USB toys, phone chargers, or electrical fans;
  • It can destroy devices in a number of different ways. USB malware has been used to generate electrical overloads and to destroy the majority of a country’s nuclear enrichment capabilities (as was the case in Iran with the Stuxnet virus, which was deployed using a USB drive)!

It is not yet clear whether the fan presents an actual threat or whether it was just a poorly considered choice of gift. Part of the reason is that USB malware is notoriously difficult to detect, and because any malware deployed to monitor journalists’ activities would be designed to be very difficult to detect. Cybersecurity experts have called on journalists who’ve received the fans to either discard them or send them to researchers to be studied.

Why should this matter to you?

This is a great opportunity to remind people not to plug in USB drives from unclear sources. You probably wouldn’t eat a sandwich that you found on the ground in the street, so don’t plug a USB drive you found in the street into any of your devices, either!

USB malware isn’t just a tool for state surveillance or cyber warfare, though it has been used that way before. Cybersecurity analysts have found that leaving “lost” USB drives in visible locations works “worryingly well.” If you didn’t know how dangerous USB drives can be, it would be natural to be curious about finding out what’s on that lost USB you found. Don’t do it, however – it’s not worth the risk to you and your privacy and security.

Daniel Markuson
Daniel Markuson successVerified author

Daniel is a digital privacy enthusiast and an internet security expert. As the blog editor at NordVPN, Daniel is generous with spreading news, stories, and tips through the power of a well-written word.

Subscribe to NordVPN blog