USB memory sticks pose new dangers
Some new drives can be used to automatically run malware
Computerworld - The ability to use tiny USB memory sticks to download and walk away with relatively large amounts of data has already made the ubiquitous devices a potent security threat in corporate environments. Now, the emergence of USB flash drives that can store and automatically run applications straight off the device could soon make the drives even more of a security headache.
Demonstrating the potential danger, Hak.5, a security-related podcast, earlier this month showed how a USB memory stick can -- in just a few seconds -- be turned into a device capable of automatically installing back doors, retrieving passwords or grabbing software product codes.
Hak.5's "hacking framework" is called USB SwitchBlade and gives hackers a way to automate different payloads running on a USB flash drive, said Darren Kitchen, the Williamsburg, Va.-based co-host of Hak.5.
SwitchBlade takes advantage of a relatively new technology from Redwood City Calif.-based U3 LLC that allows software and applications to be executed directly from USB drives. U3's technology is designed to increase mobility by letting users store their personal desktops -- including their programs, passwords, user preferences and other data -- on a memory stick and then run it on any computer without worrying about whether those applications are installed on that system.
Unlike traditional USB flash drives, U3 memory sticks are self-activating and can auto-run applications when inserted into a system. They're part of an emerging set of "smart" flash drives becoming available from vendors such as Migo Software Inc. and Route 1 Inc.
But the same functions that allow for such mobility also give hackers another way to break into systems, said John Pescatore, an analyst at Gartner Inc. in Stamford, Conn. "Most people think of these things as storage sticks. But U3 is a little computer on a thumb drive" that could be dangerous in the wrong hands, he said.
Hak.5 has developed code that can replace parts of the original content on a U3 flash drive with a payload for "instantly" retrieving Windows password hashes when a memory stick is inserted into a computer, Kitchen said. Also available within the Hak.5 community are payloads that in seconds can retrieve AOL Instant Messenger and MSN passwords, browser histories and software products keys. Payloads can also be used to install back doors and Trojan horse programs on computers.
None of the hacker tools used in SwitchBlade are new. And security analysts have for some time now been warning that USB-connected devices such as flash drives and iPods can be used to sneak viruses and other malware into corporate environments,
But the fact that such tools can now be run automatically on a self-activating flash drive makes them far more accessible and easier to exploit, said Ken Westin, a security analyst at Centennial Software Ltd. a Swindon, England-based IT asset management company. "The combination is creating a perfect storm," he said.
- Best iPhone, iPad Business Apps for 2014
- 14 Tech Conventions You Should Attend in 2014
- 10 Desktop Apps to Power Your Windows PC
- How to Add New Job Skills Without Going Back to School
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Gartner 2013 Magic Quadrant for Enterprise Backup/Recovery Software See why CommVault was positioned as the #1 leader in Gartner's 2013 Magic Quadrant for Enterprise Backup/Recovery software for the 3rd year in...
- Forrester Report: CommVault is a Leader in Enterprise Backup and Recovery In this report, Forrester takes a deep dive into the evaluation criteria, how CommVault is positioned and the features and functionality that make...
- Forrester Wave for Enterprise Backup and Recovery Read this report to see how CommVault continues to outpace its competitors and why Forrester positioned CommVault Simpana as the top backup and...
- Three Best Practices to Help Government Agencies Overcome BYOD Challenges This paper highlightschallenges facing government IT in a BYOD environment and discusses strategies for network preparation, ongoing support, and securing information to enable...
- Live Webcast Best Practices for the Hyperconverged Enterprise Network To the Age of Constant Connectivity and Information overload
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Make or Break: New Auto Products Must Go To Market On Time This Webcast quantifies the value of time to market for the auto industry and highlights how Primavera Enterprise Portfolio Management can help organizations.
- IBM Flash Webcast: Optimizing your Datacenter for Efficient Storage & ROI Register for this webcast to learn the benefits of flash storage from IBM Customer, Leonardo Irastorza of Royal Caribbean Cruise Ltd and Storage...