A new study has found that almost half the people who pick up a USB stick they happen across in a parking lot plug said drives into their PCs.
Researchers from Google, the University of Illinois Urbana-Champaign, and the University of Michigan, spread 297 USB drives around the Urbana-Champaign campus. They found that 48 percent of the drives were picked up and plugged into a computer, some within minutes of being dropped.
"The security community has long held the belief that users can be socially engineered into picking up and plugging in seemingly lost USB flash drives they find," the researchers
reported this month.
"Unfortunately, whether driven by altruistic motives or human curiosity, the user unknowingly opens their organization to an internal attack when they connect the drive – a physical Trojan horse."
The study dropped USB sticks containing HTML files that had img tags embedded; opening the files fetched the image from a remote server, allowing the researchers to track the USB drives' use and rough location. It's obviously not a perfect means to detect usage, but close enough. And, yes, we're talking about people – students and staff – who hang around a uni campus.
