As we have already learned nearly every high profile data breach reported this year involved a USB thumb drive associated with it.
TJX – USB drive used to load initial malware to initiate breach
http://www.informationweek.com/shared/printableArticle.jhtml?articleID=201400171
U.S. Data Breach Tally Approaches 100 Million: USB flash drive loss setting trend
http://www.watchyourend.com/2006/09/26/us-data-breach-tally-approaches-100-million-usb-flash-drive-loss-setting-trend/
Bank of Ireland: data breach repeat offender
http://blogs.zdnet.com/projectfailures/?p=1128
Every prisoner in UK victim of data breach
http://www.scmagazineus.com/Every-prisoner-in-UK-victim-of-data-breach/article/115796/
USB drives are about to become a more troubling menace. USB 3.0 wil become a reality in 2009 and USB speed is about to increase 10 fold – What used to take an hour to copy over to a USB stick will now take less then 5 minutes.
It will take time for older USB ports to be upgraded and an existing USB device will see no speed increase when used with a USB 3.0 port. But new PCs and laptops are expected to ship with USB 3.0 capabilities in 2009. Recently released details on USB 3.0 can be found here: http://www.engadget.com/tag/usb+3.0
Think about the ramifications in 2009 – a malicious person would be able to simply plug in to an unprotected PC’s USB 3.0 port and steal over 2,000 Microsoft Word documents with a 32 GB USB 3.0 stick in as little as 10 seconds. How about uploading an entire preconfigured hacking environment complete with a back-door Trojan in only 5 seconds.
Unfortunately, just as with previous generations of USB technology ease of use, performance and costs are the primary drivers in the development of this current generation of USB technology with little if any consideration for security. To listen to an audiocast I recently did on Emerging Threats and Countermeasures: Achilles Heel of Data Breach, click here.
