Researchers Find People Will Use Dead Dropped USB Sticks

Remember all those rules people give you when you were growing up. The rules ranged from don’t talk to people you don’t know to something as repetitive as don’t take candy from strangers. That last rule needs an update for the modern era as people seem to be picking up random USB sticks all around the world and these can quite easily be malicious USB sticks.

Dead drops have been a common tactic around the world. With organisations and governments using the tactic to drop everything from packets of documents to encrypted devices in places around the world only for select people to pick them up, with no one else even knowing that they were there.

A recent study by Elie Bursztein from Google’s anti-abuse research team showed that not only do these sometimes get picked up by random people but they plug them in and open up files without a second thought. After dropping 300 USB sticks in just the University of Illinois Urbana-Champaign campus, the study found that “Of the drives we dropped, 98% were picked up and for 45% of the drives, someone not only plugged in the drive but also clicked on files”.

The study not only placed USB sticks around the place but marked them with unique symbols identifying what may or may not be on the USBs. Simply putting some keys and a return label with the USB stick meant that only 29% of them were opened, while putting something like confidential on the storage device means that 50% of the keys were opened up, second only to sets accompanied with just keys.

Remember, if you pick up any device in the street, it’s best not to connect it to anything. You never know what might just be inside, as it won’t always be a relatively friendly research project.