TTWCP Daily Podcast- 2018-06-06: The Dangers of Using USB Drives

On This Episode…
Today a warning about USB Drives and their use and how the Bad Guys including State Actors are using them.
Share This Episode
For Questions, Call or Text:


Below is a rush transcript of this segment, it might contain errors.

Airing date: 06/06/2018

The Dangers of using USB Drives

Craig Peterson: [00:00:00] Hi guys, Craig Peterson here again. I’ve got a couple of warnings about USB drives, that little small stick drives thumb that we all have. And we use, and it was interesting – I was thinking back right of all of the different ways we used to move data around. Of course way back when it was punched tape and computer tape, I used that a lot. I used it before that punch cards. When I was programming and putting stuff together for computers. I basically used it all the eight in hard sector floppy disks all the way down to the little ones. DVD drive CD-ROM drives. And of course today we are sharing stuff over the network. We’ve got to us be drives that we’re using to carry things around on and sometimes we just copy it to our phone and send it back and forth, that it’s really changed over the years. But there is a problem and the problem is that USB drives are now being misused, they’re being infected. I’ve got a report here a warning out from our friends over at the FBI and they’re talking about the vulnerability, it’s a “cakbot” is what it’s called marionette. Now, this is a piece of malware that has been coming on thumb drives come in straight out of China and apparently it might be targeted at one of them is a financial services corporation that they got this some drive infected with this malware variant that’s designed to steal bank information banking information. We also have had warnings before as I was thinking about this about us be charging station these public charging stations you see them everywhere now right they are on airplanes you can plug in USP devices you can plug them in at the local coffee shops on and on.

: [00:02:02] And what’s been happening is people have been taking those little charging stations plugs a kind of pop off the front and put a little piece of hardware in there. So, it’s not just a dumb charging station actually fairly smart. And then the public USB charging stations are then used to install viruses and hack the devices that you plug into the charging stations. Now if you’ve ever tried to route a phone a smartphone like for instance an iPhone you know that the only way you really been able to route them in the past has been to plug them in to a USB port and then run some software and it uses some of the diagnostic features of the device in order to be able to get into it. And you can root your phone while reading your phone, of course, is getting around the operating systems controls right. So, if you have access to the U.S. port on a smart device whether it’s a computer or a smartphone you can potentially, not necessarily but potentially you can get into that device and take control of it. So, this is just kind of a general warning for everybody don’t play around with us. Be poured. And if you do get a thumb drive if you buy these things and I do these all the time we use them for installing computers for our customers. Use them for configuring firewalls and moving stuff around. And the thing you have to remember, make sure you format it.

: [00:03:38] Now how do you format a thumb drive. Most people do it on their computer. But once you’ve put it into the computer, isn’t that computer now infected. All right to think about that one for a minute. So, there are devices that you can get. All they do is the format. And these pieces of malware that might be on them don’t affect it at all. So, if you’re responsible for the security or at least for those of you that are responsible for security in a large organization, make sure you get one of these USB thumb drive bulk erasers. The rest of us use a machine, that’s probably not susceptible. Maybe take an old laptop to install Linux on it and use Linux to reformat those thumb drives. The next best thing would be a Mac, and then the worst thing would be a Windows computer because those are the number one targets and frequently they’re the ones with the most vulnerabilities. And then you can get all the way as far as what IBM just did in the last month. And they have now banned removable devices in their entirety for their employees to use. So, if you work for IBM you cannot only not use a thumb drive. You can’t use one of those detachable USB drives either that so many people use for backing up their systems and moving data around till a couple of warnings about your US drives you might not have thought about it but just because it’s so-called freshly formatted and came from the manufacturer in China, doesn’t mean it’s safe.

: [00:05:08] Always reformat those drives and if you’re concerned about security another thing you might want to do, is not only disable those thumb drive port those USB ports on the devices for your computers in the company but you might want to get some epoxy and put the epoxy right there in the ports. So, no one can plug anything in because it’s a great place for people to steal data from you. And it’s also a great place to introduce malware. Think about what happened with Iran with their nuclear program. We brought their nuclear program to its knees, while we admitted it. Afterward, we worked with of course Israel on this. But, we got onto their computers infected them destroyed their centrifuges because someone found a USB drive that probably Israel had placed at a coffee shop near the nuclear site and they found they saw USB drive. They brought it back and they plugged it into a computer that was not internet connected sitting there controlling the centrifuges and we were able to completely destroy the centrifuges. So, it’s a dangerous thing. Be careful with thumb drives. Have a great day and we’ll be back of course with another thought here, as I am kind of doing a little bit of vacationing and working here working holiday all at once so as things come up. I’ve been trying to put out a real quick little podcast. Thanks for listening. Make sure you share it and make sure you go to iTunes and give me a rating. Craig Peterson dot com slash iTunes and leave a comment. I appreciate it. Thanks. Take care. Bye-bye.