Security experts warn journalists of USB key malware risks.
The historic summit between US president Donald Trump and North Korean leader Kim Jong-Un has naturally been attracting a massive amount of media attention.
More than 3,000 journalists have been gathering at the meeting in Singapore, covering the major diplomatic developments as they unfold.
Press goody bag: Security risk or a way to keep cool?
Members of the press covering the event received a goody bag containing a local guidebook, a bottle of water and a handheld fan emblazoned with the North Korean leader’s face. Considering that temperatures hit 33 degrees Celsius, the fan would certainly be useful, but a second fan included in the bag has garnered some attention from infosec experts.
Media goody bag: Mini USB fan, hand-held fan with #TrumpKim on either side to blow around all the hot air…. and a fun guide to Sentosa. NB: that's not the delegations playing beach volleyball. pic.twitter.com/fbdKVzr0Cn
— Amanda Drury (@MandyCNBC) June 10, 2018
Though the mini USB fan in the bag would undoubtedly help journalists keep cool in the sweltering heat, the security community was swift to raise the red flag about the seemingly innocuous gadget.
A stark warning to Trump-Kim summit attendees
US security journalist Barton Gellman – who led coverage on the Snowden-NSA leaks a few years ago – tweeted: “Do not plug this in. Do not keep it.”
So, um, summit journalists. Do not plug this in. Do not keep it. Drop it in a public trash can or send it to your friendly neighborhood security researcher. Call any computer science department and donate it for a class exercise. I’d be glad to take one off your hands, btw. https://t.co/vz8xjUIjVz
— Barton Gellman (@bartongellman) June 11, 2018
While there is no knowledge as of yet in terms of malware present on the fan, security experts have been warning journalists and the general public about the dangers of plugging unknown USBs into their computers. While the risk is not known in this instance, USBs can be used as a covert method of malware installation. Malicious code can be added to the firmware of a USB drive as opposed to its flash memory storage, making it much more difficult to detect.
USB keys have a history of security issues
In 2014, a Wired report cited the research of Karsten Nohl and Jakob Lell, who demonstrated a series of proof-of-concept malicious software, which can be installed on a USB device to completely overtake a PC, covertly altering files installed from the memory stick and potentially redirecting the user’s internet traffic.
Although the fan may just be a way to keep the heat at bay, considering the sensitive nature of the summit and the presence of a large amount of political journalists, erring on the side of caution is obviously preferred.