Security, Privacy Issues and USB Drives

By Wout de Natris
Wout de Natris

In an article on a report from Sophos Australia is reported on. The anti-virus software company had bought 50 usb drives for analyses at a public transport auction of devices left on the Sydney trains. When they wrote that 66% was infected with malware, I presumed that they were left behind consciously, but were they?

Loss of privacy sensitive data

No, apparently not. The article was mainly on privacy issues, that people are unaware of the risks they run when not securing their devices. The article gives a summary of content lost this way. Yes, this is a very important issue. We have heard about great loss of privacy sensitive data or military secrets lost on devices (and discs) in the recent past. Cyber awareness and the sense that privacy is a serious issue in cyber space is still at a low ebb with a lot of people.

But what if?

The article gave rise to some reflection on my part.

1. The amount of malware on the usb drives
a. Was this in place when bought or
b. Is this a clear sign of the amount of pcs/laptops infected?

2. Spreading usb drives as source of infections
With the price of usb drives as low as it is, this is a way to infect other devices quickly. Whether through infection from the manufacturer or through distributing some devices on trains and other public places.

Mandatory pre-checks. A solution?

What about issuing, by law, information on how usb devices (external hard disks, etc.) can be checked before use in combination with them not working before the mandatory check? Is this feasible or technically possible? It's worth considering if society wants to be more secure.

By Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement. Visit the blog maintained by Wout de Natris here.

Related topics: Cybercrime, Cybersecurity, Law, Malware, Policy & Regulation