A group of University of Illinois researchers released a study this week that found 48% of people will plug an unknown USB drive into their computer.
To test whether hackers could use booby-trapped USBs to gain network access, last year the researchers dropped 297 USB sticks on the school’s Urbana-Champaign campus.
Of those who picked up the drives, 135 people actually opened some of the device’s files.
Educating mobile workers about the dangers of threats like unsecured Wi-Fi hotspots and visual hacking is critical to protecting the enterprise. Hackers can exploit small vulnerabilities, potentially allowing for access into enterprise systems just because of one user’s lacking security measures. And opening a unknown drive could give a hacker unfettered network access or cause a rash of malware to spread through a network.
The university researchers left an HTML file on the drives that contained an image, which allowed the researchers to determine when the file was opened. The HTML file also contained a survey asking people why they had picked up the drive and opened the files inside. Very few people said they were concerned about their security and did not take precautions before opening the drive.
As far as the motivation for opening the mysterious drives, 68% of people said they plugged in the drive in an attempt to find the owners while another 18% said they did so out of curiosity.