Skip the navigation

IT Risks Rise on USB Drives

October 2, 2006 12:00 PM ET
This Thursday, Hak.5 will podcast its latest refinement of the USB hacks, Kitchen said.

“Most people think of these things as storage sticks. What they don’t realize is the U3 is a little computer on a thumb drive,” Pescatore said.

Companies need to think seriously about managing USB storage devices, said Jonathan Singer, an analyst at Yankee Group Research Inc. in Boston. “You canhave a user walk away with awhole bunch of information, or someone’s PCs could get owned by a USB device they picked up in a parking lot,” he said.

Anderson said those concerns prompted Lincoln Health to install software from SecureWave SA that lets administrators manage access of USB drives to computers. SecureWave’s product lets Lincoln Health prevent multiple USB device types from being connected to its systems. IT can also monitor and audit activities in the cases where end users are permitted to connect USB devices to their systems.

Fabi Gower, vice president of IT at Martin, Fletcher, a health care company in Irving, Texas, has also deployed similar technology from SecureWave. She said she is reasonably confident that it should protect against threats such as those associated with the U3 flash drives. “Our security measures prohibit any applications from being installed or running on the network unless it has been authorized,” Gower said. SecureWave provides a way to enforce this at the USB device level, she said.

In one sense, the threat is not new, said Robert Wesley McGrew, a research student in computer security at Mississippi State University in Starkville. For example, the ability to install malicious code on removable systems via CD-ROMs has existed for several years, he said. What makes the U3 threat dangerous, though, is the fact that the devices can retrieve and store data, he added.

Read more about Data Storage in Computerworld's Data Storage Topic Center.

Our Commenting Policies