In the midst of all the political talk about the recent summit between the United States and North Korea, one particular gift caught the eye of security experts.
Attendees of the summit – including the press – were given a “welcome bag” by the North Korean government. Along with benign items like a bottle of water was one that raised the eyebrows of security experts – a USB-powered fan.
I don’t know about you, but I’ve seen enough malware infections in the wild to know that anything USB can be used as a Trojan horse. USB devices – especially those designed to provide another benefit (e.g. an LED light, a battery charger, and – think about it – even a phone charging cable) – could also be used to host malware designed to allow remote control of a machine, encrypt its contents, or lie dormant waiting for the command to attack.
In an experiment conducted at the University of Illinois Urbana-Champaign in 2016, nearly 300 USB drives laden with harmless code were randomly dropped around the university campus. The researchers found that nearly half of the USB drives were plugged in after being found.
The North Korea fan scenario should be a reminder that any means by which code can be run needs to be scrutinized by users – this should include:
- Email links and attachments
- USB devices
- CDs/DVDs
- Document macros
Only an elevated security culture within the organization, built through effective security awareness training, will lead your users to err on the side of being suspicious rather than inquisitive.
In the case of the NK fan, a hardware security researcher at the University of Cambridge tested one of the fans from the summit and found no malicious software on the device. Good news.