Why You Should Never Plug An Unknown USB Into Your Computer



You’re out in the world, doing what you do, when you stumble upon an abandoned USB flash drive. What could be inside? Perhaps it’s simply someone’s spreadsheets from work, maybe alongside some information identifying the owner, which would allow you to return it. The only way to find out is to plug it into your computer and investigate. One word of caution: Don’t do that. Sure, the USB drive you found could be perfectly innocent, unknowingly dropped by someone taking the same path as you. However, it could also be a trap, designed to prey on your curiosity. Once you plug it into your personal computer, all you’ll find on it is malware. Although it might sound like something out of the movies, people really do infect USB devices with malware and drop them for unsuspecting victims to find. Targets range big and small. One of the bigger targets involved Iran in 2010, when one such attempt infected the country’s nuclear facilities with malware, despite the entire system’s disconnection from any Internet communications. The chances of someone plugging in an unknown USB are pretty high, with one study revealing that out of nearly 300 USB drives dropped on a college campus, 98% were picked up and plugged into a computer. Avoiding connecting a strange USB device to your personal computer is simply a cybersecurity best practice, just as not reusing the same password twice helps keep your accounts safe. That said, if you can’t fight off your curiosity, you’re pretty much out of options.