Iris Classon
Iris Classon - In Love with Code

(Not so) Stupid Question 301:What is a candy drop or USB drop attack?

Time for another question! About a year ago we had several incidents at Lindholmen where people would find USB sticks in the parking lot. This is something often referred to as a ‘Candy Drop’ or USB Drop Attack/Hack. A convenient way to bypass security, by simply appealing to a persons curiosity and have them plug in this mysterious USB that would in turn do damage.

The damage could be auto-running software that can record keys in the background- for example when the user is typing a password. Or why not pop up a phishing site? Or HID spoofing? There are many things that can be done, even blowing up your computer according to the creator of the USBKill. Half of people would plug in a found USB (according to this study)- yikes! So, note to self: do not plug in a device that isn’t yours.

Comments

Leave a comment below, or by email.

Last modified on 2017-09-18

comments powered by Disqus