In an article on CSO.com.au a report from Sophos Australia is reported on. The anti-virus software company had bought 50 usb drives at a public transport auction, devices left on the Sydney trains, for analyses. When they wrote that 66% was infected with malware, I presumed that they were left behind consciously, but were they?
Loss of privacy sensitive data
No, apparently not. The article was mainly on privacy issues, that people are unaware of the risks they run when not securing their devices. The article gives a summary of content lost this way. Yes, this is a very important issue. We have heard about great loss of privacy sensitive data or military secrets lost on devices (and discs) in the recent past. Cyber awareness is still at a low ebb with a lot of people.
But what if?
The article gave rise to some reflection on my part.
1. The amount of malware on the usb drives
a. Was this in place when bought or
b. Is this a clear sign of the amount of pcs/laptops infected?
2. Spreading usb drives as source of infections
With the price of usb drives as low as it is, this is a way to infect other devices quickly. Whether through infection from the manufacturer or through distributing some devices on trains and other public places.
Mandatory pre-checks. A solution?
What about issuing, by law, information on how usb devices (external hard disks, etc) can be checked before use in combination with them not working before the mandatory check? Is this feasible or technically possible? It’s worth considering if society wants to be more secure.
Wout de Natris, De Natris Consult
Leiderdorp, Thursday 8 December 2011