Outwitting removable media hackers
Personal Security

6 Ways to Outwit Removable Media Hackers

By Michelle VanOverloop

We’ve all seen the movies where the Tech-Savvy Spy Nerd brings down an entire Evil Organization with nothing but a Top Secret Flash Drive and a few simple keystrokes. And you may have thought, “That never happens in real life!” But it’s an unfortunate reality that powerful malware exists outside of the Hollywood drama and being on the wrong side of an attack could devastate your entire personal information system or your whole company network. That’s why we tracked down six spy-worthy tips to help you prioritize technology security and hopefully get one step ahead of the hacker that’s more Bond Villain than Secret Agent Programmer. And don’t worry - this article will NOT self-destruct five minutes after reading… we hope.

What is removable media?

The most common type of removable media is the USB or flash drive, but removable media is any portable device that can be connected to your computer, network, or information system to share and store data.1 This includes SD cards, portable hard drives, and CDs/DVDs.

Removable media devices are unique because they are a physical piece of hardware that interacts with your computer, rather than a piece of software or program that you download. The device must be physically inserted or plugged into a computer to gain access to the data stored on the device - or vice versa, as we’ll see in a bit.

What are the risks when using removable media?

The risks involved in using trusted removable media devices are fairly straightforward. Because you’re storing data on a separate physical device, it’s simply one more thing to keep track of in your daily life. Removable media devices that get lost or stolen are often irretrievable, and the hackers that happen to snag them are usually granted full access to whatever they contain.

The more complicated risks are introduced when using devices from unknown or less-than-reputable sources. Simply inserting a questionable device into your computer can be enough to expose your whole system to:

  • Keylogger programs that collect the user’s keystrokes, like passwords and security credentials, and either store them on the malicious USB for later use or send them directly to the hacker’s computer.2
  • An outbound network connection, or “reverse shell,” that links your network directly to the attacker.
  • Data exfiltration if sensitive data is stored on the removable media device via a malicious program and is then retrieved by the hacker.
  • Any kind of malware including backdoor Trojans, browser hijackers, and spyware.3
  • Computer death. Yes, that’s right. A USB’s hardware can be modified to destroy a computer’s circuitry.

When it comes to removable media hackers, even less complicated programs can end up causing severe damage to your data, your individual system, or your entire network.

How do I use removable media devices safely?

Now that we’re on the same page about the amount of damage a removable media attack can really do, it’s important to know how you can protect yourself or your company.

1. Never plug unknown devices into your computer

This might seem like a no-brainer, but modern hackers use sophisticated social engineering techniques to target your curiosity, self-interest, or even willingness to help.4 USB drives are often planted in public places, sent out to companies as “free gifts,” or distributed at conferences as a way of lowering your guard and assuring you that they’re safe to plug into your computer. In the case of removable media, being a good Samaritan or getting that surprise gift is not worth the risk.

2. Disable Autorun on your computer

Autorun is the setting that tells your computer to automatically run programs on inserted removable media without the user having to initiate the process. Autorun can be useful when installing new software from a CD, for instance, but it also makes you extremely vulnerable to a hacker’s malicious programs. With this setting enabled, hackers can create malware that runs automatically as soon as the device is inserted.

3. Consider a device with extra security features

There are several popular methods you can use to encrypt your data on removable media devices, rendering your files useless to any hacker that happens to gain access.5 Some modern memory sticks even come equipped with fingerprint authentication.

Also, be sure to purchase your device from a trusted manufacturer. Some malicious third-party sellers ship removable media with malware already installed, so do your research before you buy.

4. Keep personal and work devices separate

It might be tempting to take fewer precautions with a device that you normally keep at home or assume that corporate information accessed at home has the same security protections as at the office. But hackers are waiting to take advantage of those moments and exploit security vulnerabilities whenever possible. To prevent cross contamination, avoid mixing the devices you use for storing data at home and at work.

5. Keep your system up-to-date

Whether we’re talking about your personal computer or your office devices, it’s important to keep the most recent firewall, antivirus software, and anti-spyware software installed on all your systems.6

6. Find alternate solutions

Consider discontinuing use of removable media altogether. Most companies have internal networks set up for file sharing between employees that are heavily protected with firewalls, passwords, or security clearance tiers.

Your mission, should you choose to accept it…

You don’t have to be a super spy to protect yourself or your company from a removable media attack. Though no device or system is ever 100% safe, securing your data properly, avoiding unfamiliar devices, and being aware of your own social engineering vulnerabilities are key tools in your defense. So grab a cold drink - shaken, not stirred - and relax in the knowledge that you’re six steps closer to outwitting the Bond Villain Hacker of removable media.

Sources:

  1. Truong, Jessica (2021, October 25). Security Best Practices for Removable Media and Devices. Retrieved from: https://hackernoon.com/security-best-practices-for-removable-media-and-devices 
  2. Adam (2021, January 11). The Cyber Risk of USBs. Retrieved from: https://www.totem.tech/the-cyber-risk-of-usbs/
  3. A NortonLifeLock Employee. How to safely and securely use USB memory sticks. Retrieved from Norton: https://us.norton.com/internetsecurity-emerging-threats-how-to-safely-and-securely-use-usb-memory-sticks.html 
  4. Pilette, Chloe (2021, July 26). What is social engineering? A definition + techniques to watch for. Retrieved from Norton: https://us.norton.com/internetsecurity-emerging-threats-what-is-social-engineering.html 
  5. Information Security Office (2021). Approved Encryption Methods for Removable Media. Retrieved from The University of Texas at Austin: https://security.utexas.edu/iso-policies/approved-encryption-methods/removable-media 
  6. Cybersecurity & Infrastructure Security Agency (2019, November 15). Security Tip (ST08-001) Using Caution with USB Drives. Retrieved from: https://www.cisa.gov/uscert/ncas/tips/ST08-001 
About
Michelle VanOverloop
Read More from Michelle VanOverloop
Michelle VanOverloop

Related Articles

Paying with contactless technology

Contactless Payments: Health, Security, and Ease of Use

 #Personal Security
Staying safe on social media

The World of Social Media Safety

 #Personal Security
Creating passwords

The Ins and Outs of Password Security

 #Personal Security

Related Reading

  • Vehicle Title Loans

    Get a Title Loan from Speedy Cash with your vehicle as collateral! See what to bring to a store, the process once you arrive, and what repayment...

  • Online Loans

    Discover Speedy Cash online loans, how they work, what's required, and how to apply. Online loans provide convenience and flexibility, so get...

  • Cash Advance Loans

    We've designed our Cash Advance application to be as straightforward as possible, so in most instances you can access the funds you need without delay.

© 2024 Speedy Cash. All Rights Reserved.

Loan Products: Subject to state regulations, eligibility, credit check, underwriting & approval, and meet state database eligibility, where required based on type of lending product requested. All products are not available at all locations. Rates, terms and conditions apply. See associate for details. Lending decisions and funding times subject to system limitations. Some applications may require additional verification, which can delay the lending decision.

Non-Loan Store Services: Rules, restrictions, and fees apply. See store for details.

Short term loans should be used for short-term financial needs and not as a long-term financial solution. Customers with credit difficulties should seek credit counseling.

The credit decision on your application may be based in whole or in part on information obtained from a national database including, but not limited to, TransUnion, Equifax, LexisNexis or FactorTrust, Inc.

†Instant funding is not applicable for all debit cards and is not available in Ohio, Oklahoma, Oregon, or South Carolina. Subject to system limitations. Some restrictions may apply.

∞Cash advances only available up to approved credit limit; some restrictions may apply.

Green Dot: Must be 18 or older to open an account. Online access, mobile number verification (via text message) and identity verification (including SSN) are required to open and use your account. Mobile number verification, email address verification and mobile app are required to access all features.

1. Early direct deposit availability depends on payor type, timing, payment instructions, and bank fraud prevention measures. As such, early direct deposit availability may vary from pay period to pay period. The name and Social Security number on file with your employer or benefits provider must match your Green Dot account to prevent fraud restrictions on the account.

2. Opt-in required. Account must be in good standing and chip-enabled debit card activated to opt-in. Initial and ongoing eligible direct deposits are required for overdraft coverage. Additional criteria may apply which can affect your eligibility and your overdraft coverage. Overdrafts are paid at our discretion. Overdraft fees may cause your account to be overdrawn by an amount that is greater than your overdraft coverage. A $15 fee may apply to each eligible purchase transaction that brings your account negative. Balance must be brought to at least $0 within 24 hours of authorization of the first transaction that overdraws your account to avoid a fee.

3. See app for free ATM locations. 1 free in-network withdrawal per calendar month. $3.00 per withdrawal thereafter. $3.00 for out-of-network withdrawals and $1.00 for balance inquiries, plus any fee the ATM owner may charge. Limits apply.

Green Dot® cards are issued by Green Dot Bank, Member FDIC, pursuant to a license from Visa U.S.A., Inc. Visa is a registered trademark of Visa International Service Association. And by Mastercard International Inc. Mastercard and the circles design are registered trademarks of Mastercard International Incorporated. Green Dot Bank also operates under the following registered trade names: GO2bank, GoBank and Bonneville Bank. All of these registered trade names are used by, and refer to, a single FDIC-insured bank, Green Dot Bank. Deposits under any of these trade names are deposits with Green Dot Bank and are aggregated for deposit insurance coverage up to the allowable limits. ©2023 Green Dot Bank. All rights reserved. Green Dot Corporation NMLS #914924; Green Dot Bank NMLS #908739

NOTICE: The Federal Equal Credit Opportunity Act prohibits creditors from discriminating against credit applicants on the basis of race, color, religion, national origin, sex, marital status, age (provided the applicant has the capacity to enter into a binding contract); because all or part of the applicant’s income derives from any public assistance program; or because the applicant has in good faith exercised any right under the Consumer Credit Protection Act. The Federal agency that administers compliance with this law concerning this creditor is the Consumer Financial Protection Bureau, 1700 G Street NW, Washington DC 20006 and the Federal Trade Commission, Equal Credit Opportunity, Washington DC 20580.

Alabama: Minimum age to apply in Alabama is 19.

California: Company is licensed by the California Department of Financial Protection and Innovation pursuant to California Deferred Deposit Transaction Law, Cal. Fin. Code §23000 et seq.

California: Compañía está autorizada por el Departamento de Protección e Innovación Financiera bajo la ley de Transacciones Depósito Diferidas de California, Cal. Fin. Código § 23000, et seq.

Customers who are California residents may request information from us to know what personal information we may collect, have, or maintain about them and what we do with it per the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). If you are a California resident and wish to make a request under CCPA or CPRA, click on the “Do Not Sell or Share My Personal Information” button or link.

Nevada: The use of check-cashing services, deferred deposit loan services, high-interest loan services or title loan services should be used for short-term financial needs only and not as a long-term financial solution. Customers with credit difficulties should seek credit counseling before entering into any loan transaction.

Oregon: Licensed by the Oregon Department of Consumer and Business Services to make Deferred Deposit Loans, NLMS Id. #0267-004-S.

Tennessee: The State of Tennessee requires a minimum principal reduction. In order to comply with the minimum state-required principal reduction, Speedy Cash requires that minimum payments include a principal reduction of 2% or $2.50 for Customers who get paid bi-weekly/twice-a-month, or 4% or $5 for Customers who get paid monthly, whichever is greater.

Texas: Speedy Cash operates as a Registered Credit Access Business (CAB). The actual Lender is an unaffiliated third party. Speedy Cash engages in the money transmission and/or currency exchange business as an authorized delegate of MoneyGram Payment Systems, Inc. under Chapter 151 of the Texas Finance Code. If you have a complaint, first contact MoneyGram Payment Systems, Inc. at 1-800-MONEYGRAM . If you still have an unresolved complaint regarding the company’s money transmission or currency exchange activity, please direct your complaint to the Texas Department of Banking: 2601 North Lamar Boulevard, Austin, TX 78705-4294, 1-877-276-5554 (toll free), www.dob.texas.gov.