Discussion on USB Devices: Security Threats and Mitigation Techniques

Verified

Added on 2023/06/09

AI Summary

This discussion post delves into the security risks associated with USB devices, commonly known as flash drives or USB sticks. It highlights the potential vulnerabilities that attackers exploit, such as malware installation and data theft, due to their portability and ease of use. The post explains how attackers can use USB devices to compromise computer systems by acting as network cards, keyboards, or bootable malware. It emphasizes the importance of understanding these risks and implementing protective measures, including encryption, password protection, separating personal and business USB drives, using updated security software, disabling autorun features, and establishing company policies regarding USB device usage. The conclusion reinforces the balance between the benefits and risks of USB devices, advocating for proactive measures to mitigate potential threats and prevent data breaches.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Running Head: DISCUSSION ON USB DEVICES 1
Discussion on USB Devices
Student’s Name
Institution

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

DISCUSSION ON USB DEVICES 2
Discussion on the topic of USB devices
USB is the acronym of the Universal Serial Bus which refers to the device that is
capable of storing information in flash memory by the use of the universal serial bus interface
that is integrated (Kang, & Saiedian, 2017). We can say that USB flash drive can also be
called USB stick and USB key, thumb drives, and other names. They are the most used
method of data storage and data transportation from one pc to another due to their smaller
size, less expensive, readily available and above all, they are portable. In the resent times, the
above characteristics make this device appealing to the hackers. This device can be attacked
not only by plugging into gadgets like iPod, cameras or electronic picture frames but also by
the producer or the supplier might supply infected USB in the case where the quality
standards are not met and once they are inserted into the computer, the malware is installed
automatically, (Jain & Roy,2014).
Understanding USB potential risks.
According to some researchers, USB drives are made in a way that they could have
security flaws in them which might affect the normal working or operation of the computer.
Due to this reason, trust issues with the devices we plug into our PCs are brought. This can
pave way for the virus to overwrite and take control of your pc. The USB device can show
maliciousness in three different ways. One, it can act to be a network card (Tian, Bates, &
Butler 2015). This can change the pc system domain name in order to inject a URL for a
website in order to secretly redirect the traffic. Secondly, a device can pretend like a
keyboard and provides it's on orders to the system in charge in order to corrupt some files or
even install the virus into your pc. And lastly, a modified USB drive or external disk
especially when it senses that a PC is starting up, can boot a small malware which can infect
your pc operation system before booting.

DISCUSSION ON USB DEVICES 3
How do attackers use USB?
There are several ways that attackers can make use of the USB for instance, they can
install malicious malware or code on that device that can detect when inserted to the pc. This
affects the pc immediately its plugged in. secondly, the sensitive data can be downloaded into
the USB drive directly. This is achieved when a connected computer is accessed physically
by the attacker whether turned off or not because the computer memory is still in operation.
The attacker can reboot the system quickly from the USB drive and copy the sensitive
information like passwords, encryption keys to the drive. In the organization where the
employees are not equipped with such security risks, it can be the greatest weakness and not
malicious insiders (Yang, Qin, Zhang, Wang, & Feng, 2015). A good example is the
department of the homeland where USB drives got the company's logo.
Ways of protecting the information on the USB drive and on the computer.
The first way is the use of the security features like encryption and passwords to
protect your information from the above-mentioned risk and also ensuring data backup in
case your drive gets lost. Secondly, by separating personal USB drives from business USB
drives in order to avoid the sensitive personal or company's information from getting lost.
Thirdly, by the use of updated security software's like firewalls, anti-spyware and anti-virus
software. This will make your computer more protected and less vulnerable to any attract.
The breaking news from Europe stated that out of 61 antivirus software's, only 10 were able
to stop immense ransomware attract, (Bhakte, Zavarsky & Butakov, 2016). This can be due
to the use of outdated software's. Fourthly, by avoiding plugging unknown USB drives into
your computer in the context that you want to know the owner or view the content. in order to
avoid the risks that might occur. Another way is by ensuring that you disable the autorun and
the outplay in order to avoid malicious code to automatically open on the USB drive that is

DISCUSSION ON USB DEVICES 4
affected. autorun is a feature in windows that causes removable devices like compact disks,
USB drives, and DVDs to automatically open when plugged into your drive, (Clark, Leblanc
& Knight, 2011). Last but not least, develop and implement policies that are related to the use
of USB drives in your company. This can be achieved by ensuring that employees are
understanding the company policy on the use of USB drives and the dangers attached to it.
Conclusion,
To sum up my discussion, the use of USB device can have both its benefits and risks.
The chances of the risks occurring can be reduced using intelligent measures and quick action
to prevent negligence if any, (Tian, Bates, & Butler, 2015). However, the portability,
availability and less expensive benefits of this device make it more attractive to the attackers.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

DISCUSSION ON USB DEVICES 5
References
Jain, A., & Roy, T. (2014). Windows Registry Forensics: An Imperative Step in Tracking
Data Theft via USB Devices.
Kang, M., & Saiedian, H. (2017). USBWall: A novel security mechanism to protect against
maliciously reprogrammed USB devices. Information Security Journal: A Global
Perspective, 26(4), 166-185.
Yang, B., Qin, Y., Zhang, Y., Wang, W., & Feng, D. (2015, December). Tmsui: A trust
management scheme of usb storage devices for industrial control systems. In
International Conference on Information and Communications Security (pp. 152-
168). Springer, Cham.
Clark, J., Leblanc, S., & Knight, S. (2011, April). Risks associated with usb hardware trojan
devices used by insiders. In Systems Conference (SysCon), 2011 IEEE International
(pp. 201-208). IEEE.
Tian, D. J., Bates, A., & Butler, K. (2015, December). Defending against malicious USB
firmware with GoodUSB. In Proceedings of the 31st Annual Computer Security
Applications Conference (pp. 261-270). ACM.
Bhakte, R., Zavarsky, P., & Butakov, S. (2016, June). Security Controls for Monitored Use of
USB Devices Based on the NIST Risk Management Framework. In Computer
Software and Applications Conference (COMPSAC), 2016 IEEE 40th Annual (Vol. 2,
pp. 461-466). IEEE.