Sales of promotional USB drives could be at risk. Due to recent USB exploits available online (although not yet proven to cause any damage), sales of USB drives in the promotional products industry could take a hit. It is too soon to say how big of a hit, but it could be enormous if a serious USB attack occurs regardless of how safe the USB drive is that you sell.
Security firms are advising people not to use promotional USB drives. Gary J. Davis, McAfee chief consumer security evangelist, was quoted saying “The best practical advice McAfee can give consumers regarding the BadUSB attack is to avoid thumb drives that are not from a credible source, such as a big box retailer or they have not previously used. Additionally, we would discourage consumers from using promotional thumb drives that are given away at events.”
At first, I wasn’t even going to discuss this issue online because I don’t want to encourage people not to buy promotional USB drives. However, given the prodding from several industry people who are concerned, I decided better for us to all be informed rather than “hope for the best.”
Until someone finds a way to detect badUSB drives, expect your customers to be appropriately concerned about this issue. In fact, rather than taking a defensive approach, one might consider sharing this information openly with your clients and offering an alternative promotion if they are nervous. After all, even if you get the sale, if the clients customers don’t want or use the USB drive, it is not a good investment for them.
The most important thing a distributor of promotional USB drives can do is to work with a trusted supplier partner and receive written assurance from the supplier that USB drives are not from Phison Electronics (which is the only known USB manufacturer that appears to be at risk). You can then share this with your clients who might be concerned to help them make an informed decision.
Mashable does a great job outlining the overall issue in their article how to avoid badUSb. The top things you should be aware of:
- There is no way to determine if a USB drive could be hacked
- There is no assurance that anti-virus or anti-malware will protect someone
- There is an exploit available to the bad guys which is what makes this dangerous.
On a personal note, I have several USB drives from different promotional companies and I continue to use them. I picked up one today at the Gartner conference and will use that as well. So while I want you to be aware of this issue, I’m not yet freaked out enough to stop using promotional drives myself.
Geiger CIO Dale Denham, MAS+ provides practical insights on how you can benefit from technology in no nonsense terms. Follow him on Twitter @GeigerCIO.
