29 Types of USB Attacks and How to Stay Safe from Them

Discussion in 'Accessories' started by hmscott, Apr 25, 2018.

  1. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,882
    Messages:
    17,069
    Likes Received:
    20,963
    Trophy Points:
    931
    Here's an example of what kind of things you are up against should random USB devices "show up" out of the blue; a heads up on what to watch out for as well as what people are up to...

    Nefarious USB Cables - Hak5 2408


    Exploding USB Drives - Hak5 2407
     
    Last edited: May 5, 2018
    Starlight5 likes this.
  2. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,882
    Messages:
    17,069
    Likes Received:
    20,963
    Trophy Points:
    931
    Kim Jong Un received a USB from South Korea's president with a blueprint for connecting North Korea with the world
    Tara Francis Chan, 1m ago...
    http://www.businessinsider.com/kim-jong-un-received-a-usb-from-south-koreas-president-2018-5
    • "Kim Jong Un received a USB from South Korea's president during their summit at the DMZ in April.
    • The USB contained a presentation and e-book containing a blueprint for economic cooperation between the two countries that could link North Korea to Russia, China, and Europe through trade and trains.
    • The USB appears to provide a further incentive for Kim to keep the agreements made between North and South Korea at the summit.
    • USBs are regularly smuggled over the border into North Korea to promote South Korean and Western entertainment and news."
    o_O
     
  3. Peon

    Peon Notebook Deity

    Reputations:
    406
    Messages:
    1,997
    Likes Received:
    128
    Trophy Points:
    81
    I'm surprised that this is news. Even in Hollywood, spies steal data by plugging in some super duper USB stick, usually followed by the spy doing everything possible to distract the target and avoid detection until the progress bar reaches 100%, at which point the USB is discreetly unplugged and the spy comes up with an excuse to make a swift retreat.
     
    Starlight5 and hmscott like this.
  4. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,882
    Messages:
    17,069
    Likes Received:
    20,963
    Trophy Points:
    931
    In Hollywood *Movies*... not in Hollywood - in Hollywood nobody don't know nuttin, capeesh? ;)
     
  5. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,882
    Messages:
    17,069
    Likes Received:
    20,963
    Trophy Points:
    931
    IBM bans all removable storage, for all staff, everywhere
    Risk of ‘financial and reputational damage’ is too high, says CISO

    By Simon Sharwood, APAC Editor 10 May 2018 at 05:01
    https://www.theregister.co.uk/2018/05/10/ibm_bans_all_removable_storage_for_all_staff_everywhere/
    [​IMG]
    "IBM has banned its staff from using removable storage devices.

    In an advisory to employees, IBM global chief information security officer Shamla Naidoo said the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).”

    The advisory stated some pockets of IBM have had this policy for a while, but “over the next few weeks we are implementing this policy worldwide.”

    Big Blue’s doing this because “the possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimised.”

    IBMers are advised to use Big Blue’s preferred sync ‘n’ share service to move data around.

    But the advisory also admitted that the move may be “disruptive for some.”

    She’s not wrong: The Register understands that frontline IBM staff sometimes need to download patches so they can be installed on devices they manage for clients and that bootable USB drives are one means of installing those patches.

    Indeed, IBM offers advice on how to install Linux on its own POWER 9 servers using a USB key. ®

    UPDATE: Since publishing this story we've heard whispers that IBM has taken note of staff objections to the removable storage ban, especially when doing software updates, and is considering making a few exemptions."

    Comments
     
    Starlight5 likes this.
  6. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,882
    Messages:
    17,069
    Likes Received:
    20,963
    Trophy Points:
    931
    Kingstons Robert Allen talks about CyberSecurity! is YOUR DATA SECURE?
    KitGuruTech
    Published on Jul 24, 2018
    Andrzej recently had time to sit and chat with Kingston's Robert Allen - Director of Marketing and technical services. Rob wanted to update us on the efforts Kingston are making to ensure their customers drives and flash storage is secure! How important is this for you?


    Is your encrypted USB drive secure?
    August 10, 2017
    https://www.kaspersky.com/blog/encrypted-usb-drives-audit/17948/

    "How can you be sure the “secure” USB drive you’re using is really secure and the data you store on it can’t be extracted? That’s exactly the question Google’s security researchers Ellie Bursztein, Jean-Michel Picod, and Rémi Audebert addressed in their talk, “Attacking encrypted USB keys the hard(ware) way,” at the recent Black Hat USA 2017. (PDF)"

    Apple’s USB Restricted Mode: how to use your iPhone’s latest security feature

    By Chris Welch@chriswelch, Jul 10, 2018, 12:31pm EDT
    https://www.theverge.com/2018/7/10/17550316/apple-iphone-usb-restricted-mode-how-to-use-security
     
    Last edited: Jul 25, 2018
    Vasudev likes this.
  7. hmscott

    hmscott Notebook Nobel Laureate

    Reputations:
    4,882
    Messages:
    17,069
    Likes Received:
    20,963
    Trophy Points:
    931
    This rigged charger can hijack your new laptop
    Dave Lee, 10 August 2018
    https://www.bbc.co.uk/news/technology-45139397

    "A neat feature of many modern laptops is the ability to power them up through the USB port. Unlike the rectangular USB ports of old, the newer type - USB-C - can carry enough power to charge your machine.

    That’s great news: it means you don’t need to add a separate port just for charging. And when the USB port isn’t being used for power, it can be used for something useful, like plugging in a hard drive, or your phone.

    But while you and I may look at that as an improvement, hackers see an opportunity to exploit a new vulnerability..."
     
    Starlight5 and Vasudev like this.
Loading...
Similar Threads - Types Attacks Stay
  1. Geraout
    Replies:
    7
    Views:
    377

Share This Page