Last week, Spotify sent a number of USB drives to reporters with a notation:” Play me .”
It’s not uncommon for reporters to receive USB drives in the announce. Business assign USB drives all the time, including at tech meetings, often containing promotional materials or enormous documents, such as videos that would otherwise be difficult to get into as many entrusts as possible.
But anyone with basic defence rehearsal under their hat — which now at TechCrunch we do — will know to never plug in a USB drive without making some precautions first.
Concerned but undeterred, we safely examined the contents of the drive utilize a disposable account of Ubuntu Linux( employing a live CD) on a give computer. We examined the drive and found it was benign.
On the drive was a single audio enter.” This is Alex Goldman, and you’ve just been hacked ,” the datum played.
The drive was just a advertising for a brand-new Spotify podcast. Because of course it was.
Jake Williams, a former NSA hacker and founder of Rendition Infosec, called the move” amazingly manner deaf” to encourage reporters into plugging in the drives to their computers.
USB drives are not inherently malicious, but are known to be used in hacking campaigns — like power plants and nuclear enrichment embeds — which are typically not connected to the internet. USB drives can harbor malware that can open and install backdoors on a victim’s computer, Williams said.
” The enters on the USB itself may contain active material ,” he said, which when opened can exploit a defect on an affected device.
A spokesperson for Spotify did not comment. Instead, it passed our request to Sunshine Sachs, a public relations firm that works for Spotify, which would not comment on the record beyond that” all reporters received an email stating this was on the way .”
Plugging in random USB drives is a bigger problem than you might think. Elie Bursztein, a Google security researcher, found in his own experiment that about half of all beings will plug into their computer random USB drives.
John Deere earlier this year made a ruckus after it administered a advertisement drive that actively hijacked the computer’s keyboard. The drive contained code which when plugged in rolled a write, opened the browser and automatically typed in the company’s website. Even though the drive was not inherently malicious, the move was highly criticized, as malware often acts in an automated, written way.
Given security threats that USB drives can constitute, Homeland Security’s cybersecurity division CISA last month updated its counseling about USB drive defence. Columnists are among those who are frequent targets by some governments, including targeted cyberattacks.
Remember: Always take precautions when handling USB drives. And never plug one in unless you trust it.
Read more: feedproxy.google.com