USB Flash Drives

USB FLASH DRIVES

Small USB flash drives (aka pen drives, aka USB sticks) can be surprisingly dangerous, both their software and their hardware.

SOFTWARE

Most defensive issues involve their software and this has a very simple solution: any new USB flash drive, whether purchased at retail or found lying on the floor, should be plugged in to a Chromebook running in Guest Mode. If the drive has malicious software, it should not infect the Chromebook (most malware targets Windows or macOS), and if it does infect something, exiting Guest Mode should wipe out the infection.

Better still, format the drive from the Chromebook to hopefully wipe out any possibly hidden software or files.

HARDWARE

On the hardware side, the articles below show that a USB flash drive can both explode (when a person is the target of bad guys) or destroy the computer it connects with.

The first I had heard about exploding USB flash drives was in March 2023 as detailed in the articles below. As soon as the flash drive got power from the USB port in a computer, it exploded.

Journalist hurt by exploding USB bomb drive by Thomas Claburn for The Register. March 22, 2023
Journalist plugs in unknown USB drive mailed to him - it exploded in his face by Scharon Harding for Ars Technica. March 22, 2023

The defense here is a USB extension cord, preferably 6 feet or longer. Plug the cord into the flash drive and then stand far away from the flash drive when you plug the other end of the extension cord into a computer. Maybe even have a barrier between the flash drive and yourself. This is yet another reason to use a Chromebook for USB flash drives as they are, generally, cheaper than other computers. Then too, the below.

'USB Killer' flash drive can fry your computer's innards in seconds by Dan Goodin for Ars Technica. October 14, 2015. Booby-trapped USB stick delivers 220-volt charge to attached computer.

Other than avoiding anything but a brand new flash drive, the defense here, yet again, is a Chromebook. This time a very cheap one to serve as the sacrificial lamb, so to speak.

I first heard of the Malicious Cable Detector by O.MG in August 2023. It claims to detect all types of malicious USB cables. At the time, it sold for $40.

This Page Last Updated August 16, 2023	Site Page Views TOTAL 684,182	Site Page Views TODAY 99	Previous Website View 13 seconds ago	Website by Michael Horowitz @defensivecomput	top
Website Average Daily Page Views: August 2023: 558 See the website change log 2023: Jan 724 \| Feb 853 \| March 782 \| April 694 \| May 618 \| June 617 \| July 497 2022: Jan 368 \| Feb 315 \| March 320 \| April 328 \| May 367 \| June 379 \| July 685 \| Aug 1,568 \| Sept 671 \| Oct 664 \| Nov 901 \| Dec 1,222 2021: Jan 337 \| Feb 377 \| March 332 \| April 246 \| May 282 \| June 227 \| July 214 \| Aug 275 \| Sept 290 \| Oct 315 \| Nov 411 \| Dec 293 2020: Jan 212 \| Feb 377 \| March 303 \| April 296 \| May 317 \| June 267 \| July 258 \| Aug 282 \| Sept 279 \| Oct 333 \| Nov 318 \| Dec 332 2019: . . . . . . . . . . . . . . . . . . . . . . . . . . Aug 176 \| Sept 178 \| Oct 194 \| Nov 180 \| Dec 200