A new study found that nearly half of people which will find a USB stick in the car park, will connect it to their computers.
Researchers from Google, the University of Illinois, and the University of Michigan, they “threw” 297 USB drives around the Urbana-Champaign, Illinois campus, and found that 48 percent of the USBs were plugged into a computer minutes later.
"The security community has long believed that users can fall victim to social engineering attacks by collecting and plugging in seemingly 'lost' USB flash drives," the researchers.
"Unfortunately, either from altruistic motives or from human curiosity, the user unknowingly opens a door to an attack when connecting the drive. A natural Trojan horse. ”
For the study the researchers used USB sticks which contained HTML files with embedded img tags. By opening the files, the image communicated with a remote server, allowing researchers to monitor the use of USB drives in the area.
USB sticks took a few minutes to a few hours to connect to computers.
In addition, the study found that only 16% of users bothered to scan the units with some anti-virus before opening it on their computers. 68% of respondents said they did not take any precautionary measures before joining units.
The users stated that for the most part they acted in good faith. 68% of users said they opened the removable disk to find their owner, and few of the respondents said they were planning to keep the USB.