Privacy Tip #37 – Beware of fake USB drives and phone chargers

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

USB drives and phone chargers are expensive. Hackers know that. One way hackers are gaining access to get into computers to steal data is by planting USB drives and phone chargers in public areas, hoping someone will pick it up and take it to work or home. I find that people are unaware of this tactic, so the tip today is to beware of random USB drives and phone chargers and walk away if you find one.

How does it work? Portable drives are “modular and programmable” so attackers can swap parts or alter coding in the USB drive or phone charger and switch it with code that is able to change the functionality of the device into a password sniffer or keystroke logger that can infect a computer and steal information.

Last year, a white hat hacker was able to develop a device that looked like a generic USB mobile charger but was able to log, decrypt and track all keystrokes from a Microsoft wireless keyboard and transmitted the information over cellular networks, which has been dubbed “KeySweeper.” Microsoft has stated that Bluetooth-enabled keyboards are protected against KeySweeper.

Black hats have developed their own malicious sweeping devices and people and businesses are becoming victims. It has become such a problem that the FBI recently issued a private industry warning to be aware of and look out for highly stealthy keyloggers that sniff passwords and other input data from wireless keyboards. According to the FBI, “if placed strategically in an office or other location where individuals might use wireless devices” the hackers could steal intellectual property, trade secrets, passwords and personally identifiable information.

The FBI further stated that “[t]he primary method of defense is for corporations to restrict the use of wireless keyboards. Since the KeySweeper requires over-the-air-transmission, a wired keyboard will be safe from this type of attack.”

According to Microsoft, to combat against this threat, use a Bluetooth-enabled keyboard or one that has been manufactured after 2011 that uses Advanced Encryption Standard (AES) encryption technology.

And when you see a stray USB drive or charger hanging around, don’t be tempted. Walk away from it.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide