Threat of the Month: USB U3


What is it?

USB U3 technology allows a user to run applications from a USB thumbdrive instead of requiring installation on the computer. When the thumbdrive is removed, all files and registry keys used by the applicationare removed from the PC, enabling portable application use.

How does it work?

The U3 technology makes the thumb drive appear as two separate deviceson the machine it's plugged into: one is the thumb drive itself, and theother device appears to the computer to be a standard CD-ROM. In thisway, the application launcher can use the autorun capability when thedrive is inserted. Unfortunately, this also allows anyone to rewrite theCD-ROM image with an alternative image and run any code.

Should I be worried?

There is a thumb-drive-based hacking tool under development that anyonecan download and place on a U3-capable USB device.

How can I prevent it?

Turn off autorun for all CD-ROM devices. Additional mitigation can bedone by third-party programs that enforce security policies for physicaldevices. Some of these programs can also combat information theft viaremovable devices by shadow-copying any data transferred to thumb drivesto a secure datastore for assessment by network administrators.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.