USB Flash Drives: Tiny Device Not Without Security Loopholes

They are one of the hottest computer peripherals out there, they are small, compact, yet miraculously they can store gigabytes of data despite their puny dimensions. No, we are not referring to the floppy disks, since we’re no longer in the 90’s. With floppy disks out of the picture, it should be a piece of cake for you to guess the nature of the subject matter. If you are speculating that we may be referring to USB flash drives/thumb drives – you guessed right! In today’s day and age, they are a must have, in fact, you are least likely to know someone who doesn’t utilize these minuscule thingamabob of technology. What you didn’t know is that despite its resourcefulness and practicality, USB jump drives can be used for other, more sinister applications.

Having the option to plug a compact USB flash drive into a computer and download considerable amount of data has made the USB thumb drive a popular gadget. Consequently, it has also made it a security risk in large corporations.  Newer USB flash drives with u3 technology are able to run any software straight from its drive. Demonstrations by these devices have proved these so called “Smart USB Flash drives” can, without delays, easily install backdoors, retrieve usernames and passwords, and can even grab software serial keys from any PC.

Experts consider U3 equipped flash drives a dangerous tool in the hands of hackers, as the technology can be applied to conduct criminal activities such as stealing data. Experts confirm that U3 drives are considered compact computers in their own respect, and one cannot underestimate their usefulness if they are utilized for illegal means. Hak.5 had demonstrated how U3 equipped devices preloaded with hacking software can retrieve Windows login credentials; moreover, capability to retrieve, MSN, AOL, Gmail and Yahoo credentials was not a challenge either. Experts also determined that such devices can be used to infect computers with viruses and preload PC’s with other sophisticated hacking software.

What Hak.5 had demonstrated may force organizations to take proactive steps against defending corporate data and adapt newer data security strategies. Experts warn that organization should focus more on preventing malware attacks than preventing data theft, as a potential malware can have a more devastating impact on corporate data. Simply disabling Windows auto-run feature and disabling user-privileges is considered a critical step towards preventing u3 enabled devices from working on computers, and is considered effective measure for preventing hackers from even trying to proceed further. Other more extreme steps include disabling USB drives completely on computers, which can be done through administrative setting or through third-party software, considering they don’t hinder workplace productivity or for that matter affect it in an unconstructive manner.

Awareness is also a big part of the picture, training and educating employees about such issues can make a difference in preventing such an incident. Considering human error is equally to blame, raised awareness about data security certainly yields positive results.  Organizations which allow employees to store confidential data on their workstations run the risk of its data being stolen. Falling short of taking such measures will certainly give chance to data thievery; it’s not a matter of if, but of when. What’s more, is that top executives who utilize that data by working during off office hours should Secure USB drives while transporting that data from work to home and vice versa.