USB FLASH DRIVES
Small USB flash drives (aka pen drives, aka USB sticks) can be surprisingly dangerous, both their software and their hardware.
SOFTWARE
Most defensive issues involve their software and this has a very simple solution: any new USB flash drive, whether purchased at retail or found lying on the floor, should be plugged in to a Chromebook running in Guest Mode. If the drive has malicious software, it should not infect the Chromebook (most malware targets Windows or macOS), and if it does infect something, exiting Guest Mode should wipe out the infection.
Better still, format the drive from the Chromebook to hopefully wipe out any possibly hidden software or files.
VALIDRIVE
For Windows users, Steve Gibson offers his free ValiDrive program. I highly recommend it. The program does three things
ValiDrive is a single EXE file, thus there is nothing to install and the program is portable.
DATA ROT
If left unused for long enough, an SSD (or a USB flash drive) can lose data. The experiment described below showed a non trivial amount of data rot after 2 years of neglect.
April 16, 2025: Unpowered SSD endurance investigation finds severe data loss and performance issues by Mark Tyson of Toms Hardware. Quoting: "You may not know it, but SSDs will lose data after a period of time if they are simply left unplugged, which can be a serious threat to your data ... A year-two update on the how long can SSDs store data unpowered video series is another reminder about the importance of regularly refreshing your backups with a bit of juice ... I have also experienced SSD data loss after leaving a Mini PC unpowered for just six months or so ... On return, Windows refused to boot or be repaired, but a reformat and reinstall seemed to return everything to normal." The article is about SSDs, but it is safe to assume it also applies to USB Flash Drives.
April 29, 2025: On Episode 1023 of his Security Now! podcast, Steve Gibson discussed the above experiment, explained the low level physics behind the data rot and added: "... temperature is crucially important. Several years ago we covered a piece of news that noted that offline SSDs stored in hot data centers tended to lose their data more quickly than the same SSDs stored in a cool environment. Heat inherently agitates electrons and increases the probability that one will make it across the cell’s insulating barrier. So if you do have any offline SSDs or thumb drives where you have important data stored, I’d give them a full data rewrite pass with SpinRite at Level 3, then put them in a zip-lock bag in a refrigerator, or at least store them somewhere cool."
HARDWARE
On the hardware side, the articles below show that a USB flash drive can both explode (when a person is the target of bad guys) or destroy the computer it connects with.
The first I had heard about exploding USB flash drives was in March 2023 as detailed in the articles below. As soon as the flash drive got power from the USB port in a computer, it exploded.
The defense here is a USB extension cord, preferably 6 feet or longer. Plug the cord into the flash drive and then stand far away from the flash drive when you plug the other end of the extension cord into a computer. Maybe even have a barrier between the flash drive and yourself. This is yet another reason to use a Chromebook for USB flash drives as they are, generally, cheaper than other computers. Then too, the below.
Other than avoiding anything but a brand new flash drive, the defense here, yet again, is a Chromebook. This time a very cheap one to serve as the sacrificial lamb, so to speak.
I first heard of the Malicious Cable Detector by O.MG in August 2023. It claims to detect all types of malicious USB cables. At the time, it sold for $40.
This page: 5 views per day (over 780 days) Total views: 4,208 Created: March 25, 2023 |
This Page Last Updated May 5, 2025 | Site Page Views TOTAL 1,191,026 | Site Page Views TODAY 518 |
Website by Michael Horowitz |
top |