By now most everyone should have a basic understanding of computer security considering we’ve been dealing with computers for a fair amount of time. But Google has just proven that… well… some people are still stupid. In case you don’t know, it’s probably not the brightest idea to insert a USB key you find laying around someplace into your computer. Doing so could open your system to an attack and severely compromise your security. It’s normal to have human curiosity and want to know what might be on that USB key you just found randomly laying in the parking lot.
Whether people are inserting the USB key out of some voyeuristic curiosity or even if they just want to help, it’s probably just not a good idea. Elie Bursztein from Google’s anti-abuse research team was at BlackHat this week and presented an intriguing study that showed 45% of people actually do end up plugging in a found USB key. Bursztein’s team went a step further and actually labeled the USB keys to indicate what might be on the drive, such as Confidential, Keys, and Exams. Each drive was loaded with HTML files that when clicked tracked the subject and allowed the team to see that they accessed the USB key. The team also built in a pop-up survey that asked the targets if they would answer some questions as to why they picked up and used the key.
…we dropped nearly 300 USB sticks on the University of Illinois Urbana-Champaign campus and measured who plugged in the drives. And Oh boy how effective that was! Of the drives we dropped, 98% were picked up and for 45% of the drives, someone not only plugged in the drive but also clicked on files.
It’s very interesting to see that despite what seems to be common knowledge, people will still submit to curiosity and plug in those USB keys anyway. Hit the links below to read more about the Google team’s research and study.
What do you think of this study? Let us know in the comments below or on Twitter, Facebook and Google+.