Even computers that have been turned off may be vulnerable because a computer's memory is still active for several minutes without power. If an attacker can physically access a computer, he or she can download sensitive information directly onto a USB drive. When users buy the infected products and plug them into their computers, malware is installed on their computers.Īttackers may also use their USB drives to steal information directly from a computer. Some attackers have also targeted electronic devices directly, infecting items such as electronic picture frames and USB drives during production. When the USB drive is plugged into another computer, the malware infects that computer. The malware then downloads malicious code onto the drive.
However, these same characteristics make them appealing to attackers.Īttackers can use USB drives to infect other computers with malware that can detect when the USB drive is plugged into a computer. USB drives, sometimes known as thumb drives, are small, readily available, inexpensive, and portable, so they are popular for storing and transporting files from one computer to another. What security risks are associated with USB drives?