What kind of remnants and other surprises can be found on used USB sticks? A team of cyber security from Abertay University in Scotland put the report to research, bought many USB sticks online and analyzed them.
Prof Karen Renaud, from Abertay’s division of cybersecurity, said the discovery was “extremely concerning. “She said: “An unscrupulous buyer could feasibly use recovered files to access sellers’ accounts if the passwords are still valid, or even try the passwords on the person’s other accounts given that password re-use is so widespread.”
Not Permanently Deleted
Almost all the USB storage devices appeared to be empty at first glance. With publicly available tools however, it is easy to retrieve information that has not been permanently deleted. The researchers found out that only 30 of the devices had been properly deleted. They were able to extract all saved files from USB sticks, with 30 they succeeded at least partially. Many of the 75,000 files recovered were checked by the scientists as a high risk rate. These included those with the passwords as well as bank statements and tax returns. Other sticks contained data with embedded addresses, which indicated trips.
The supposedly deleted files could be misused with extremely serious consequences. For example, a buyer could use the recovered files to access sellers accounts when the log in isstill valid. Blackmail attempts are also conceivable. If you simply delete information, the index will remain in memory and it will only be difficult to view it.
Blackmail attempts are also conceivable if they threatened to reveal embarrassing data about the seller. Many users are unaware that the way that devices delete files does not permanently remove them. Usually they are initially only removed from the index, making it difficult to view them.
There is freely available software that can permanently erase USB sticks, warns the researchers to be careful. If you intend to throw such a device away, it is best to destroy it with a hammer beforehand. This makes it impossible for third parties to access the information stored on it. When buying a new device, the experts recommend using an encrypted USB to reduce the risks. One thing was reassuring in the investigations by the security team. No vulnerabilities were found on the used USB sticks.