Friday, June 16, 2006

Tech: How to breach security with a memory stick - so simple!

We've heard in the past how USB drives/memory sticks constitute a real security risk. Well, someone's demonstrated the simplest method yet for infiltrating any company's computer systems, using cheap memory sticks.

As SecurityMonkey has pointed out numerous times, the human factor is a major issue - if not the biggest problem - in security risk.

In a nutshell, you put a trojan - really, anything executable - on a memory stick. On lots of them. Scatter them around in the employee carpark of the target organisation. Then just sit back and watch people plug them into their computers ("Look. Free memory. What's on it? Does it work? One way to find out..."). Watch the company's data just walk out the door. Or watch the network collapse. The possibilities are endless.

PS Full marks to my wife: she said she wouldn't pick one up. But then, she's been bitten before. On her offday, some bloke "borrowed" the use of her computer, and plugged in an infected memory stick. It totally tanked the computer.

No comments: