50% of people will plug any old USB drive into their computers

In Elf, Santa warns Buddy “you see gum on the street, leave it there. It isn’t free candy.” The same rule applies to USB drives, people. Should you happen to find a stray USB drive lying around in the subway, parking lot, or out in front of your bus stop, your first thought shouldn’t be “man, I can’t wait to find out what’s on this thing!” It shouldn’t be, but for a lot of people that’s exactly what they’re thinking.

A group of researchers from the University of Illinois Urbana-Champaign decided to do a little experiment recently. They took 297 USB flash drives and scattered them around the campus — in the library, in classrooms, on sidewalks — wherever pedestrians might see them. Their finding? That nearly every single drive (around 98%) at least got picked up and moved. The more alarming discovery is that at least half of the sticks actually got plugged into a computer.

Okay, maybe that’s not such a big deal since not many computers today still allow programs to auto-run from a USB drive. Still, these could’ve been designed to vandalize machines rather than infect, leaving the clueless folks who discovered them with roasted USB ports or a dead mainboard.

Preventing auto-runs only neutralizes some of the risk. It doesn’t protect users who happen to take things a step further and start clicking on a drive’s contents. According to the University’s report, a terrifying 45% of people who found one of the drives opened a file. Clearly they either don’t know about malware like Stuxnet or they figure that’s the kind of thing that happens to other people.

But hey, apparently even cosmonauts make that mistake.

Leave a Reply

Captcha image