USB-connected devices present cyber vulnerabilities

News

USB-connected devices present cyber vulnerabilities

Caroline Baldwin

Connecting devices to computers using a USB port could lead to security breaches.

USB technology has been called “critically flawed” by Berlin-based security researchers Karsten Nohl and Jakob Lell.

130831_1141.jpg

According to the BBC, the researchers said there is no way to defend against cyber vulnerabilities from USB connected devices.

Karsten Nohl and Jakob Lell said that a USB stick that has been formatted and is completely empty can still contain malware that can infect computers. This flaw can be hidden in any USB-connected device.

USB sticks have been associated with malware attacks for some time. To protect businesses from USB attacks, software can be run on the drives that run a sandbox or protects against infected systems. Enterprise virtual private network (VPN) with two-factor authentication can minimise the chances of data being copied to a local system.

But increasing numbers of employees will be plugging in USB-connected devices as the trend of bring your own device (BYOD) becomes more prevalent in the enterprise.

Derrick Bates, information security officer, North Cumbria University Hospitals NHS Trust said in June 2014 that bring your own device (BYOD) is the “scariest thing to happen in IT security since the USB stick,” while adding that mobility is something that should not be shied away from.

Instead, Bates said organisations could reap all the benefits offered by mobile data without the risk, as long as the organisation ensures the appropriate controls are in place.

“It is always important to ensure basic controls are in place to protect the low-hanging fruit from compromise,” he said.

This approach, however, needs to be backed up and supported by an effective user security awareness training programme, said Bates.


Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
 

COMMENTS powered by Disqus  //  Commenting policy