What Can IBM Teach Us About USB Device Security?

A short while ago there was a security conference being held and one of the vendors at this conference was IBM.

If you have ever been to a conference before then you know that there is a lot of swag that is handed out.

Swag is a product that the person or company might be giving away free in order to promote their products, such as when you go to a baseball game and it is free bat day.

So, at this particular conference, IBM decided to give away, as part of their swag, a USB device.

A USB thumb drive to be exact.

is your USB thumb drive infected?

Virus Infection

It turns out that this innocent looking thumb drive had a virus already loaded onto it.

If you are a company that is presenting at a security conference, this can be pretty embarrassing – it makes you look very bad, especially in a room full of security experts that you are trying to impress!

This fiasco proved one thing – that even in a company as large as IBM they forget to check even the simple things.

The problem could have been avoided if they simply checked even a small sample of the devices to see if any malware was on them.

When people think of malware they automatically assume that it is going to come from some rogue piece of software off of the internet and they forget that, before the internet was in as many places that it is now, some of these attacks were done through hardware devices.

Before the USB thumb drive it would be the floppy disk that would spread this type of malware around to other people’s computers.

The sharing and copying of floppy disks to spread data around the office used to be known as the sneakernet and there were plenty of pieces of bad malware that were spread around in that manner.

Lessons Forgotten

So we have taken the lessons of the past and completely forgotten about them.

In the world of technology, we tend to be forward looking; we do not look at the past for inspiration as much as other fields do.

So sometimes we have to learn lessons two or three times before they are able to sink into our heads.

Companies handing out malware to a security conference in the form of a piece of hardware are definitely an example of an old school lesson that has been forgotten in history.

So make sure that you do not forget this lesson.

When you have a new hardware device such as an USB thumb drive or a DVD disk make sure you run a scan on it first.

There are people still passing around viruses and other such malware on hardware devices.

If you were downloading anything from the internet you would be sure to scan it first before you ran it wouldn’t you?

Make sure you do the same with hardware on your computer as well.

About Lee Munson

Lee's non-technical background allows him to write about internet security in a clear way that is understandable to both IT professionals and people just like you who need simple answers to your security questions.

Comments

  1. I remember the new hard drive virus case, cant think of the company right now but i believe those came from China, caused a mess i know that.
    While it does happen i just wonder if its not a bigger problem for a big company an not so much of one for a smaller company. After all big companies produce more an at a faster pace than a smaller company would. So a big company may check 1 out of 100 where a small company may do a 1 in 10 check.
    Seems maybe they been to do a employee check to see how this was introduced into the process.

    • The hard drives in question came from Seagate I believe.

      Good point at the end there Dave – I’ve seen comment on this story in many places around the web now but not many people have stopped to consider how the malware was introduced to the USB drive in the first place.

      Insider threats, if thats what it is, are some of the hardest to deal with.

      • To me this one just has to be a insider job, or it came from the software they used to set up the USB’s. That would mean they do not always check the software programs they use.

        yes that was the one Seagate – glad i didnt buy one back then.

        ( i really need spell check myself,lol)

  2. I have to admit when i first heard about this i did get a brief laugh out of it. Then i realized how big of a problem this could be an thought that its good this isnt a common thing.
    What if these were out in the stores for sale – or were they,, makes you wonder.

    • I just think its really embarrassing when major companies do this, much like those hard drives that were shipped with a virus a couple of years back.

      If it happens to the big guys, how many smaller firms are causing end users to become infected when they buy new hardware???

Trackbacks

  1. […] This post was mentioned on Twitter by cubitouch, Lee. Lee said: What Can IBM Teach Us About USB Device Security? http://www.security-faqs.com/what-can-ibm-teach-us-about-usb-device-security.html […]

Speak Your Mind

*