USB pens – Friend or Foe? July 15, 2007
Posted by Paul Cheeseman in: General, 9 commentsTags: security-risks
I generally try and avoid any kind of mobile media. The number of floppy disks and cd-roms I’ve lost, broken or accidentally overwritten doesn’t really bear thinking about. Along came USB pens that could be attached to a keyring but then the early ones were big and chunky and I still managed to lose them. The latest USB pens I’ve seen can hold 8GB+ of data and as useful as that sounds I’m still in no hurry to buy one. If I was to load up a USB pen with 8GB of data I’d lose it in a few weeks and apart from the monitary loss for the pen, what about the cost in terms of the data lost? I can copy all my work documents and possibly confidential data onto an 8GB pen and carry it with me. What if my the data on my pen drive was confidential staff reviews or budget spreadsheets. The chances are that it would be picked up by someone who would then have a look at the data to see what was on it. If the data is of no use to the person that finds the pen, it is more than likely going to be formatted off and kept by the person who found it. Does that sound cynical ??? There have been a few times in the past year that I’ve been asked ‘Have you lost your keys?’ or ‘Have you lost a wallet?’ I have never been asked ‘Have you lost a USB pen?’
When I first stared working in IT one of the Golden Rules was that you never put a floppy disk into a networked PC without checking it first for viruses and other security risks. There was always the risk that someone might leave an infected disk around with the hope that another curious user would pick up the disk and have a look at the contents. The disk would then infect the PC and take advantage of any privilges the user had on the network. After reading an article in PC PRO magazine by one of the magazines contributing editors Davy Winder it now seems that USB pens are being purchased by hackers, infected with a trojan or something just as nasty and then dropped outside offices and places of work. You can probably guess what happens next !
As the size of the drives increases users have been installing their own Operating systems systems onto them, their own hacking tools and all kinds of images and other media. It’s quite easy to download a selection of pictures and movies and carry them with you, this makes detection of inappropriate files difficult.
The good news is that USB pen makers are addressing some the the security issues with biometrics , encryption and passwords. The bad new is that as always this new technology is costly. The Stealth MXP drive that Davey Winder talks about in his article is not exaclty cheap. If a CD-ROM or floppy disk is lost the cost to replace them would be less than a pound. With USB pens costing £15 – £200+ they present a much bigger dilema to anyone finding one.
Until these secure drives come down in price I’ll hang off buying one, and I’ll be thinking twice before I plug any USB pen into my computer at work. USB pens are really asy to use, but we must always be aware that USB pens are subject to the same security risks as every other type of media. It’s worth remembering that if you find a USB pen on the floor it may not have been lost, it might have been placed there for someone to pick up.
