Thumb Drives Are Still a Security Threat: What You Need to Know

Many of the cyberattacks that get coverage in the headlines are incredibly complex. As people hear about those, they sometimes forget about the less advanced tactics a person could use to infiltrate networks, like infecting thumb drives.

An Arrested Person Carrying Low-Tech Gadgets

Most people know the Florida resort called Mar-a-Lago is one of President Trump’s favorite places to spend his downtime. So, it’s not much of a surprise that those who want to infiltrate the president’s network might start there.

Yujing Zhang is a Chinese citizen who recently got arrested at Mar-a-Lago after toting several tech gadgets in with her. She reportedly brought in four mobile phones, a laptop, an external hard drive, and a thumb drive.

A preliminary investigation showed the thumb drive contained malware, but it’s not clear what Zhang intended to do with it or the other tech gear. A grand jury indictment contained one charge of lying to a federal agent and another count of accessing a restricted area, but it did not include espionage.

Further coverage of the incident revealed that Zhang had more tech equipment back at her hotel room, including nine more thumb drives, SIM cards and a device used to detect signals emitted by hidden cameras.

Zhang got into Mar-a-Lago since her last name matched that of a club member’s surname. Mar-a-Lago managers — not Secret Service agents — decide who can enter the exclusive club. Zhang initially asserted that she was there to use the swimming pool but did not have swimwear in her bag.

A Secret Service agent who testified during Zhang’s court proceedings said that when his colleague inserted the thumb drive Zhang carried into a USB port to further examine the gadget, it immediately started installing files in a way he’d never seen happen before during such an analysis. However, the investigation failed to give conclusive findings of the purpose of the thumb drive.

Thumb Drives Are Portable and Trusted

The incident with Zhang illuminates why people must continue to see thumb drives as threats. Unfortunately, many individuals don’t, even if they’re generally tech-savvy.

A research paper concluded that many people use randomly found thumb drives. The team behind the project dropped 297 thumb drives and found that an estimated 45-98 percent of those who came across them plugged them into their computers. Most of the time, people did so to try and find information that could help them locate the owners. Sometimes, though, they looked at a drive’s contents because of mere curiosity.

Although the findings showed a broad range in the likelihood of people interacting with the thumb drives they find, it suggested that people are so familiar with them that they don’t think about the possible risks.

The portability of thumb drives is another issue. Cybercriminals could easily do the same method used by the researchers, but scatter infected thumb drives in an area such as outside an office complex. They could hide the thumb drives in a pocket and not attract suspicion from passersby.

A Giveaway Gone Wrong

Thumb drives are also popular giveaways at events like conferences. The Taiwanese government hosted a data security expo and thought thumb drives would make excellent prizes for the winners of a cybersecurity quiz. Unfortunately, a contractor connected the thumb drives to his computer to check the capacity and ended up infecting some of them with malware.

In that case, there were no impure intentions to blame. The contractor’s computer had an unknown malware issue, and the problem got transferred to some of the thumb drives. People only need to consider how common it is for a college student to use a thumb drive on a computer in their dorm room, a campus library and a computer lab or two to realize the severity of this issue in any setting.

Many people carry thumb drives on their key rings, and one of the main advantages of using that storage device is that it’s so easy to bring anywhere. That same characteristic could also help malware spread exceptionally quickly.

Staying Safe From Thumb Drive Risks

Fortunately, people have several options when it comes to remaining safe from thumb drive threats. Most malware detection software allows scanning external drives, including thumb drives. Additionally, encrypted thumb drives offer another layer of protection.

They should also think carefully before buying secondhand thumb drives. A study found that the majority still contain the past owner’s data, including sensitive material. They could also carry malware.

Handy but Not Foolproof

It’s understandable why people love the convenience thumb drives offer. However, they should take the information above into account when evaluating the possible risks.


Kayla Matthews writes about cybersecurity and technology for publications like Malwarebytes, Security Boulevard, InformationWeek and CloudTweaks. To read more from Kayla, visit her blog: