Threat of the Month: USB U3 | SC Media

January 17, 2007

What is it?

USB U3 technology allows a user to run applications from a USB thumb drive instead of requiring installation on the computer. When the thumb drive is removed, all files and registry keys used by the application are removed from the PC, enabling portable application use.

How does it work?

The U3 technology makes the thumb drive appear as two separate devices on the machine it's plugged into: one is the thumb drive itself, and the other device appears to the computer to be a standard CD-ROM. In this way, the application launcher can use the autorun capability when the drive is inserted. Unfortunately, this also allows anyone to rewrite the CD-ROM image with an alternative image and run any code.

Should I be worried?

There is a thumb-drive-based hacking tool under development that anyone can download and place on a U3-capable USB device.

How can I prevent it?

Turn off autorun for all CD-ROM devices. Additional mitigation can be done by third-party programs that enforce security policies for physical devices. Some of these programs can also combat information theft via removable devices by shadow-copying any data transferred to thumb drives to a secure datastore for assessment by network administrators.
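
One way to check and apply the "turn off autorun for CD-ROM devices" setting on a Windows host, as an added example that is not part of the original article. It uses the NoDriveTypeAutoRun policy value, where bit 0x20 covers CD-ROM drives; the -Enforce switch name and the 0xFF fallback used when the value is absent are choices made for this example.

```powershell
# Added example: audit (and optionally enforce) AutoRun being disabled for
# CD-ROM drives, the drive type the U3 launcher partition presents itself as.
param([switch]$Enforce)   # switch name chosen for this example; default is report-only

$CdRomBit  = 0x20                      # NoDriveTypeAutoRun bit for CD-ROM drives
$ValueName = 'NoDriveTypeAutoRun'
$Keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
)

function Get-AutoRunMask([string]$Key) {
    # Returns the current bitmask, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Key -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

foreach ($key in $Keys) {
    $mask = Get-AutoRunMask $key
    if ($null -eq $mask) {
        Write-Output "$key : $ValueName not set (Windows default applies)"
    } elseif ($mask -band $CdRomBit) {
        Write-Output ("{0} : 0x{1:X2} (CD-ROM AutoRun disabled)" -f $key, $mask)
    } else {
        Write-Output ("{0} : 0x{1:X2} (CD-ROM AutoRun still ENABLED)" -f $key, $mask)
    }
}

if ($Enforce) {
    # The machine-wide value takes precedence over the per-user one, so write HKLM.
    $hklm = $Keys[0]
    if (-not (Test-Path $hklm)) { New-Item -Path $hklm -Force | Out-Null }
    $current = Get-AutoRunMask $hklm
    if ($null -eq $current) {
        # An absent value means a built-in default mask is in effect; writing only
        # 0x20 could loosen other drive types, so this example falls back to 0xFF
        # (AutoRun off for every drive type).
        $new = 0xFF
    } else {
        $new = $current -bor $CdRomBit   # keep bits already set, add CD-ROM
    }
    Set-ItemProperty -Path $hklm -Name $ValueName -Value $new -Type DWord
    Write-Output ("{0} : set to 0x{1:X2}" -f $hklm, $new)
}
```

Writing to HKLM requires an elevated session; in a domain, the same value is normally deployed through Group Policy rather than per machine.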
