News  General
USB Flash drive

Stop laughing at the back there...

Ever really thought about what USB devices are? Would it surprise you to learn they actually have all the elements of a full blown computer, together with memory, data transfer and an OS? When you connect one to your computer, smartphone or laptop, you are in fact granting it access to the innermost corners of your device - and if the bad guys have got to it first, they are in there as well.

USB devices identify themselves using firmware, that is software on the device itself to tell the kit it's connected to what it is (such as a keyboard, mouse or memory stick etc) and what it can do. The eagle-eye amongst you will have already spotted the key there being "firmware", which is the software onboard the USB device itself. Software which can be reprogrammed. That's right - a keyboard can be told to tell whatever it is being connected to it's a pair of bluetooth speakers, and the host would not know any different and blindly try to play audio through it. Even worse is the way the firmware can actually hide a bad payload completely - so any inspection doesn't show up anything untoward - until the time is right, when it can pounce and infect the host.

Practise safe sticks

Imagine this scenario:  a public charging station, such as in an airport or cafe, has been compromised so that malware is delivered via USB this way, when in fact the user just thinks their gear is being charged. The dual-purpose of USB, i.e both power and data, is not always to the benefit of these users. All they really need is the power side without the data.

Enter the USB condom

Functionally, a USB condom comprises of a male and female USB socket and connects together only the power pins of the USB wire. The data lines are disconnected, so no malware can be spread if it is being used. Typically, because they are so small, cheap and portable, the user can always connect to these unknown chargers using one - they just carry it around with the the same way they do with their USB devices. So the answer to the question "do they really work?" is a clear yes, because they block all data irrespective of its purpose. Here's more on USB condoms, and chargers generally, from XDADevelopers:

Whichever way you look at it, we always come back to the basic premise of "if it can run software, it can run malware". Fortunately, the simplicity of the USB condom does for once deliver on its promise by taking the data element of of the equation.