Computer Security: USB sticks - the silent killers
You've just found a USB stick in Restaurant 1. You'd like to return it … but who is the owner? Maybe the contents can tell you? Connect it to your laptop, and you might figure it out. But hold on, what if its content is dangerous…?
USB sticks are an excellent vehicle for infecting countless PCs and laptops. Years ago, several dozen laptops were infected during a conference when someone passed around a USB stick with flight departure information. Unfortunately, this stick was infected. Similarly, we have seen a domino effect of infections in the FP and EN departments after some USB sticks made the rounds, infecting one PC after another. In the end, a massive number of PCs had to be reinstalled.
Some USB sticks are even worse. They pretend to be “just a keyboard” (named “RubberDucky”) and, once inserted, they execute a pre-programmed sequence of keystrokes intended to extract information from your computer or take it over. Others have malware compiled into the USB’s hardware chips and not into its storage area, for example e-cigarettes that are charged by a USB cable. Even worse, the next generation of fake USB keys might be able to destroy part of your computer (see here)! No technical solution can protect your computer from that!
So what can you do? First of all, don’t use USB sticks if you don’t trust their provenance. If you’ve found a USB stick, hand it over to Computer.Security@cern.ch. We have means of dealing with infected sticks. Secondly, use good antivirus software, which should be able to detect known threats stored on a USB stick. Give the software the time to run a full scan. The CERN antivirus software is available here for Windows and here for Mac, and can also be used to protect your computers at home. Thirdly, in order to help your antivirus software, keep your laptop, PC, tablet or smartphone up-to-date with all the recent software upgrades and patches. Have the “Windows Upgrade” or Mac “Software Update” set to “automatically download and install”. For Linux use, for example, “yum auto-update”. CERN PCs and laptops are centrally kept up-to-date via CMF. Fourth, if you manage your own PC, check the “autorun”/“autostart” settings for USB sticks. If CERN IT manages your PC or laptop, all is fine.
Finally, be vigilant and report suspicious USB sticks to Computer.Security@cern.ch. If you are really paranoid and just want to use your USB port for charging e.g. your mobile phone, buy a USB “umbrella”, which blocks the data connection and only allows power through.
For further information, questions or help, check our website or contact us at Computer.Security@cern.ch.
Do you want to learn more about computer security incidents and issues at CERN? Follow our Monthly Report.
Access the entire collection of Computer Security articles here.
by Stefan Lueders, Computer Security Team
