Sunday, July 8, 2012
Use of infected Thumb Drives (USB Drives) is a major security weakness
Thumb drives are extremely popular due to their portability, convenience and low cost. Computer users, at home or at work cannot do without a thumb drive for sharing digital data such as files or music. Drives have become so cheap that product vendors freely distribute them at product conferences as giveaways or as repositories of digital product literature. Any digital product with a USB port and storage capacity can be converted into a digital drive. A common example would be the ubiquitous smart phone. Thumb drives have also become fashion accessories with drives disguised as pendants and pens making them harder to detect.
Most companies prohibit or regulate the use of USB ports and the devices that can be connected to them. The US Government has forbidden the use of such devices in Government and Defense departments post Wikileaks. USB’s are used in targeted attacks to compromise systems which are physically isolated from the Internet or external networks. Stuxnet, a cyber weapon which destroyed Iranian centrifuges spread through a compromised USB drive. In a more recent case, the Indian Eastern Naval Command was infected by malware which allegedly spread through a compromised USB. According to news reports “The malware is then thought to have created a secret folder on the drives where it stored documents, and as soon as the drive was plugged into a computer connected to the web, it sent the files to specific IP addresses”.
Users of USB drives face the risk of mass malware designed for cyber crime involving spam or financial fraud or the more targeted variety for espionage or cyber destruction. Malware normally propagates by copying itself onto clean drives inserted into infected computers. There is a probability of mass infection if the drive is infected at production or when digital data (such as product brochures) are mass copied onto several thousand drives.
In both these cases, the common elements are a lack of security awareness or the pressure of a deadline causing individuals to override the fundamental security principle of not using third party USB drives, and an over reliance on antimalware products to detect malware. Antimalware products have limited success in instances where the malware is custom designed for select targets.
In the case of the Iranian Stuxnet infection or the Indian Naval Leaks, the key introspection point was the method in which the compromised drive entered the premises. These installations are highly secure and forbid the use of outside drives (non registered drives), therefore the use of an unauthorized drive or the compromise of an internal drive needs detailed investigation into the human element and motive behind it. It is an indicator that the technical methods to prevent motivated individual using such drives was not as restrictive as it needed to be.