USB technology is common in the workplace, and we bet that you’d have a hard time finding an office that doesn’t use it to some extent. However, if you’re not careful, these devices could become open gateways for threats to infiltrate your network, putting your entire data infrastructure at risk. This makes it exceedingly important to know where your USB devices have been, and what they might contain.
USB devices are known for their portability and versatility. Flash drives and hard disk drives can easily be transported and used to either carry files in bulk, or transfer them to other devices. In fact, USB is so useful that it’s found its way into networking drives. Plus, there are several other types of USB dongles that take advantage of USB technology, so many that it would be impossible to list them all here.
Consider this nightmare scenario: what would you do if an employee found a USB drive on the ground in your parking lot? Would you let them plug it into a network-connected device to see what its contents are? After all, it might be one of your drives that someone dropped. Regardless of what it is, one should never connect random devices to a network with sensitive data. The storage devices could contain executable malware that installs as soon as it’s plugged into a computer. It might even contain a trojan that inconspicuously downloads itself to your device, allowing for backdoor access at a later date.
A recent report states that something as simple as a $10 USB device can log keystrokes from a wireless Microsoft keyboard, and transmit the strokes via a wireless frequency. The renowned whitehat hacker Samy Kamkar created the device out of a USB phone charger, something that’s so common these days that its presence means, quite literally, nothing out of the ordinary. This type of threat, however, drew the attention of the FBI, which saw fit to release a statement warning about the potential dangers of USB device hacking. Though no attacks have been exploited in the wild, the root cause of the vulnerability still needs to be observed by security professionals.
The main problem that businesses need to concern themselves with is the theft of data before it reaches its destination. That’s how the USB device snags keyboard strokes. This vulnerability extends far beyond the Microsoft wireless keyboards, as the same tactic can be used to intercept data of similar nature. Any device that sends unencrypted signals could be intercepted and exploited by hackers, exposing data that could lead to the theft of your financial information, identity, or login credentials. It’s similar to how a hacker would access data that’s being transferred over an unsecured or unencrypted Internet connection.
Is your business handling data management to the best of its ability? After all, it only takes one mistake to let loose a flood of threats. In this case, any devices that your employees would like to use for work purposes should first go through IT to get the proper clearance. For any business serious about network security, this should be a company policy that can be enforced with security tools, like a mobile device management solution and UTM. To learn more about network security and online threats, reach out to us today.