Threat analysis of portable hack tools from USB storage devices and protection solutions

Information security risks associated with Universal Serial Bus (USB) devices have been a serious issue in corporate networks after the wide adoption of USB technologies in the computing industry in 2005. Recently, the U3 USB drives have been of great interest for attackers who want to utilize USB drives as their mobile hack tools. However, beside U3 technology, attackers also have another more flexible alternative, portable application or application virtualization, which allows a wide range of hack tools to be compiled into portable format and run from USB storage devices without requiring any USB specific platform such as U3. In this paper, we provide an investigation into hack tools on U3 platform and USB platform free portable hack tools, their working mechanism, and the compilation techniques. We also provide a general description of most dangerous hack tools with their payloads which can be compiled into portable format. Finally, our proposed solution is aimed at providing the most important and concise solutions for enterprise administrators to secure their systems from portable hack tools.