Dumb, Nosy People Plug in Random Found USB Drives, Study Shows
If you see a random USB stick lying around, altruism (or sheer curiosity) might motivate you to stick it into your computer, open its files, and identify the owner. Experts say this is a terrible idea, since hackers use strategically planted USB devices to gain access to computer networks. Despite this note of caution, Gizmodo reports, plenty of people plug in strange USB devices anyway, according to a new study from the University of Illinois Urbana-Champaign [PDF].
Researchers scattered 297 USB drives around the college’s grounds. The drives contained an assortment of HTML files, including notes, documents, and photos. The study’s coordinators were notified when people inserted the drives into a computer connected to the Internet and opened the files. By the study’s end, 98 percent of the dropped drives had been picked up, and 45 percent had been perused by a third party. (A few people without Internet connections might have been missed in the count.)
A browser window told the clueless computer owners that they were engaging in an experiment, and asked them to participate in a survey. Less than half filled it out, but of those respondents, 68 percent said they picked up the stick because they wanted to return it to the owner. (The rest needed a USB stick, or were simply nosy; instead of browsing a resume file, nearly half of users looked through the person’s private vacation files, Vice reports.)
How can we prevent people from plugging random USB drives into their computers? “There are no easy solutions to these problems, but they will certainly extend beyond simply the technical to include a deeper understanding of the social, behavioral, and economic factors that affect human behavior,” Matt Tischer, the study's lead researcher, told Vice in an email. “There is a difference between warning users that a particular action is dangerous and convincing them to actually avoid it. We need to close that gap.”
The study's findings will be presented at the 37th IEEE Symposium on Security and Privacy in May. The main takeaway? While it might be tempting to be a Good Samaritan, don’t open any files on a USB drive that isn't yours. What you lose in karma points, you’ll make up for with a virus-free network.