U3 technology is designed to operate in a Microsoft Windows environment and makes it possible to save software and programs on a USB flash drive. Users can, in principle, carry around their personal workspace all in a tiny memory stick.

U3 memory sticks are, in fact, self-activating devices that, when plugged into a computer, can auto-run applications. However, this feature can also become an interesting tool in the hands of hackers, giving them the opportunity of “breaking in” to the computer. The software originally contained in the memory stick can easily be replaced by harmful code and malware. The malware then automatically runs as soon as the memory stick is inserted in the computer.

The harmful software can intercept and transmit data stored in the computer, retrieve browser histories, passwords, software product keys etc, and also be transmitted to every memory stick subsequently used on the same PC.

Even the simpler USB flash drives can generate security concerns. In any case it is important to remember that we should use USB memory devices that are trustworthy and that we can control.

It is imperative for users, particularly for companies, to be aware of the risks related to U3 technology in order to be able to tackle them. Personnel should be educated to become aware of the possible dangers. Companies have to choose security formulas that suit their specific needs and this may vary from disabling USB ports to disenabling the auto-run facility of the smart sticks, or limiting user access to certain functions on end-user systems.

Sofia Aslanidou, Insafe