As political analysts weigh the outcome of the unprecedented Trump-Kim summit in Singapore, many have missed a small but fascinating glimpse at a common malware threat used by everyone from common hackers to national intelligence agencies. You may have heard of it – it’s called a USB drive!
Journalists attending the North Korea – U.S. summit were handed a grab-bag of goodies from North Korea. These included a bottle of water, a hand-held fan with the face of Kim Jong-Un, and a guide to the island of Sentosa where the summit took place. The highlight of the grab-bag, however, was a small electric fan that journalists could plug into their laptops for a delightful breeze while they worked.
Cybersecurity analysts, however, were quick to warn journalists against plugging the fans in. USB drives are a common and fairly powerful way to distribute malware.
USB malware is dangerous because the possibilities for what it can do are almost endless. In addition, the malware can be difficult or impossible to detect because it’s located on a USB device that may block your computer from seeing how it works and fool it into thinking that it’s a different device than what it actually is. Here are a few examples of what USB malware can do:
It is not yet clear whether the fan presents an actual threat or whether it was just a poorly considered choice of gift. Part of the reason is that USB malware is notoriously difficult to detect, and because any malware deployed to monitor journalists’ activities would be designed to be very difficult to detect. Cybersecurity experts have called on journalists who’ve received the fans to either discard them or send them to researchers to be studied.
This is a great opportunity to remind people not to plug in USB drives from unclear sources. You probably wouldn’t eat a sandwich that you found on the ground in the street, so don’t plug a USB drive you found in the street into any of your devices, either!
USB malware isn’t just a tool for state surveillance or cyber warfare, though it has been used that way before. Cybersecurity analysts have found that leaving “lost” USB drives in visible locations works “worryingly well.” If you didn’t know how dangerous USB drives can be, it would be natural to be curious about finding out what’s on that lost USB you found. Don’t do it, however – it’s not worth the risk to you and your privacy and security.