There are tons of ways to exploit a computer via a flash drive like that. Lots of viruses exist that would immediately install themselves upon the drive getting recognized. Famously Iran had a nuclear power plant taken offline by a random flash drive somebody plugged in, but aside from state level threats they can also just steal your financial details and personal info
USB host devices are cheap and easy to come across. You can use a crap old PC with a fresh OS install, then wipe it. Or an old phone with microUSB OTG. Or a DVD player if you only need the file list (those can usually only open JPGs, GIFs, MP3s, and MPGs or AVIs with one of the video codecs allowed on VCDs/DVDs). Even some microcontrollers will have USB host capabilities and software libraries that will let you get the file list or contents slowly over serial.
If you’re worried about “killer USBs” (data line zappers), open it and check for capacitors (and antennas in case they use Find My or LoRa for exfiltration but that would be super unlikely). Generating overvoltage inside normal-looking chips is technically possible with charge pumps and embedded capacitors but very expensive to pull off.
So let me get this straight. You live in an average size North American city with a population of about a million. There have been billions, perhaps zillions of USB thumb drives manufactured over the decades. Every day there are thousands of potential situations where a completely normal and anonymous schmuck like you and me has the right conditions to drop a USB key. Maybe you had one in your backpack and it fell out. Maybe you have a hole in your pants. This can happen every day, in every city.
So now you’re walking down the street and see a USB key on the ground, and your first thought is “IRAAAAAN!! THEY WANT TO STEAL THE $12.15 IN MY CHECKINGS ACCOUNT!!! BECAUSE THEY KNOW MY EVERY MOVEMENT AND LOCATION TO PLANT THIS LUDICROUSLY COMPLEX AND CONVOLUTED USB KEY APPROACH TO $12!!!”
I suppose you watch the news and see a picture of a coronavirus and think “My God, it’s a WWII naval mine and IT’S COMING RIGHT AT MEEEEEEE!!!”
You see a USB key on the ground, you pick it up and plug it in. The unvaccinated Russian larva can be sterilized by sunlight.
It’s more akin to clicking on every ad you see on the web. Sure you might not get a virus from lots of them but the risk is real and it’s good practice to just not do that. It’s a real and frequently exploited attack vector, it’s just good practice for anybody with a semblance of concern about digital security
…yes? What did you think it could be? A larval hidden unvaccinated Russian that will activate and drink your blood?
There are tons of ways to exploit a computer via a flash drive like that. Lots of viruses exist that would immediately install themselves upon the drive getting recognized. Famously Iran had a nuclear power plant taken offline by a random flash drive somebody plugged in, but aside from state level threats they can also just steal your financial details and personal info
USB host devices are cheap and easy to come across. You can use a crap old PC with a fresh OS install, then wipe it. Or an old phone with microUSB OTG. Or a DVD player if you only need the file list (those can usually only open JPGs, GIFs, MP3s, and MPGs or AVIs with one of the video codecs allowed on VCDs/DVDs). Even some microcontrollers will have USB host capabilities and software libraries that will let you get the file list or contents slowly over serial.
If you’re worried about “killer USBs” (data line zappers), open it and check for capacitors (and antennas in case they use Find My or LoRa for exfiltration but that would be super unlikely). Generating overvoltage inside normal-looking chips is technically possible with charge pumps and embedded capacitors but very expensive to pull off.
So let me get this straight. You live in an average size North American city with a population of about a million. There have been billions, perhaps zillions of USB thumb drives manufactured over the decades. Every day there are thousands of potential situations where a completely normal and anonymous schmuck like you and me has the right conditions to drop a USB key. Maybe you had one in your backpack and it fell out. Maybe you have a hole in your pants. This can happen every day, in every city.
So now you’re walking down the street and see a USB key on the ground, and your first thought is “IRAAAAAN!! THEY WANT TO STEAL THE $12.15 IN MY CHECKINGS ACCOUNT!!! BECAUSE THEY KNOW MY EVERY MOVEMENT AND LOCATION TO PLANT THIS LUDICROUSLY COMPLEX AND CONVOLUTED USB KEY APPROACH TO $12!!!”
I suppose you watch the news and see a picture of a coronavirus and think “My God, it’s a WWII naval mine and IT’S COMING RIGHT AT MEEEEEEE!!!”
You see a USB key on the ground, you pick it up and plug it in. The unvaccinated Russian larva can be sterilized by sunlight.
You don’t work with anything important or sensitive, we get it.
It’s more akin to clicking on every ad you see on the web. Sure you might not get a virus from lots of them but the risk is real and it’s good practice to just not do that. It’s a real and frequently exploited attack vector, it’s just good practice for anybody with a semblance of concern about digital security