At every Black Hat you will inevitably hear hackers boasting that they can break into any company by dropping a malicious USB drive in the company's parking lot. This anecdote has even entered mainstream culture and was prominently featured in the Mr. Robot TV series. However despite its popularity, there has been no rigorous study of whether the attack works or is merely an urban legend. To answer this burning question and assess the actual threat posed by malicious USB drives, we dropped nearly 300 USB sticks on the University of Illinois Urbana-Champaign campus and measured who plugged in the drives. And oh boy how effective that was! Of the drives we dropped, 98% were picked up and for 48% of the drives, someone not only plugged in the drive but also clicked on files. Join us for this talk if you are interested in physical security and want to learn more about the effectiveness of arguably the most well known anecdote of our community. We will provide an in-depth analysis of which factors influence users to pick up a drive, why users plug them in, and demo a new tool that can help mitigate USB attacks.
Elie Bursztein leads Google's anti-abuse research, which invents ways toprotect users against cyber-criminal activities and Internet threats. Eliehelped redesign Google's CAPTCHA to make it easier, and made Chrome on Androidsafer and faster by implementing better cryptography. Recently he got the bestpaper award for his research on Secret Questions at WWW 2015 and malicious Adsinjectors at S&P; 2015\. He also received the IETF Applied NetworkingPrize for his work on email security. Elie was born in Paris, France, wearsberets, and now lives with his wife in Mountain View, California.