Skip to main content
https://www.highperformancecpmgate.com/rgeesizw1?key=a9d7b2ab045c91688419e8e18a006621

No, Spotify, you shouldn’t have sent mysterious USB drives to journalists

Last week, Spotify sent out a number of USB drives to reporters with a note: “Play me.”

It’s not uncommon for reporters to to receive USB drives in the post. Companies distribute USB drives all the time, including at tech conferences, often containing promotional materials or large files, such as videos that would otherwise be difficult to get into as many hands as possible.

But anyone with basic security training under their hat — which here at TechCrunch we do — will know to never plug in a USB drive without taking some precautions first.

Concerned but undeterred, we safely examined the contents of the drive using a disposable version of Ubuntu Linux (using a live CD) on a spare computer. We examined the drive and found it was benign.

On the drive was a single audio file. “This is Alex Goldman, and you’ve just been hacked,” the file played.

The drive was just a promotion for a new Spotify podcast. Because of course it was.

The USB drive that Spotify sent journalists. (Image: TechCrunch)

Jake Williams, a former NSA hacker and founder of Rendition Infosec, called the move “amazingly tone deaf” to encourage reporters into plugging in the drives to their computers.

USB drives are not inherently malicious, but are known to be used in hacking campaigns — like power plants and nuclear enrichment plants — which are typically not connected to the internet. USB drives can harbor malware that can open and install backdoors on a victim’s computer, Williams said.

“The files on the USB itself may contain active content,” he said, which when opened can exploit a bug on an affected device.

A spokesperson for Spotify did not comment. Instead, it passed our request to Sunshine Sachs, a public relations firm that works for Spotify, which would not comment on the record beyond that “all reporters received an email stating this was on the way.”

Plugging in random USB drives is a bigger problem than you might think. Elie Bursztein, a Google security researcher, found in his own research that about half of all people will plug in random USB drives into their computer.

John Deere earlier this year caused a ruckus after it distributed a promotion drive that actively hijacked the computer’s keyboard. The drive contained code which when plugged in ran a script, opened the browser, and automatically typed in the company’s website. Even though the drive was not inherently malicious, the move was highly criticized as malware often acts in an automated, scripted way.

Given the threats that USB drives can pose, Homeland Security’s cybersecurity division CISA last month updated its guidance about USB drive security. Journalists are among those who are frequent targets by some governments, including targeted cyberattacks.

Remember: always take precautions when handling USB drives. And never plug one in unless you trust it.

No one, not even the Secret Service, should randomly plug in a strange USB stick

Comments

Post a Comment

Popular posts from this blog

Uber co-founder Garrett Camp steps back from board director role

Uber co-founder Garrett Camp is relinquishing his role as a board director and switching to board observer — where he says he’ll focus on product strategy for the ride hailing giant. Camp made the announcement in a short Medium post in which he writes of his decade at Uber: “I’ve learned a lot, and realized that I’m most helpful when focused on product strategy & design, and this is where I’d like to focus going forward.” “I will continue to work with Dara [Khosrowshahi, Uber CEO] and the product and technology leadership teams to brainstorm new ideas, iterate on plans and designs, and continue to innovate at scale,” he adds. “We have a strong and diverse team in place, and I’m confident everyone will navigate well during these turbulent times.” The Canadian billionaire entrepreneur signs off by saying he’s looking forward to helping Uber “brainstorm the next big idea”. Camp hasn’t been short of ideas over his career in tech. He’s the co-founder of the web 2.0 recommendatio
Post a Comment
Read more

Drone crash near kids leads Swiss Post and Matternet to suspend autonomous deliveries

A serious crash by a delivery drone in Switzerland have grounded the fleet and put a partnership on ice. Within a stone’s throw of a school, the incident raised grim possibilities for the possibilities of catastrophic failure of payload-bearing autonomous aerial vehicles. The drones were operated by Matternet as part of a partnership with the Swiss Post (i.e. the postal service), which was using the craft to dispatch lab samples from one medical center for priority cases. As far as potential applications of drone delivery, it’s a home run — but twice now the craft have crashed, first with a soft landing and the second time a very hard one. The first incident, in January, was the result of a GPS hardware error; the drone entered a planned failback state and deployed its emergency parachute, falling slowly to the ground. Measures were taken to improve the GPS systems. The second failure in May, however, led to the drone attempting to deploy its parachute again, only to sever the line
Post a Comment
Read more

How the world’s largest cannabis dispensary avoids social media restrictions

Planet 13 is the world’s largest cannabis dispensary. Located in Las Vegas, blocks off the Strip, the facility is the size of a small Walmart. By design, it’s hard to miss. Planet 13 is upending the dispensary model. It’s big, loud and visitors are encouraged to photograph everything. As part of the cannabis industry, Planet 13 is heavily restricted on the type of content it can publish on Instagram, Facebook and other social media platforms. It’s not allowed to post pictures of buds or vapes on some sites. It can’t talk about pricing or product selection on others.   View this post on Instagram   A post shared by Morgan Celeste SF Blogger (@bayareabeautyblogger) on Jan 25, 2020 at 7:54pm PST Instead, Planet 13 encourages its thousands of visitors to take photos and videos. Starting with the entrance, the facility is full of surprises tailored for the ‘gram. As a business, Planet 13’s social media content is heavily restricted and monito
3 comments
Read more