Would you plug a random USB stick into your computer? According to a new study by researchers from the University of Illinois Urbana-Champaign, plenty of us are still morons and would do exactly that.
To work out just how dumb we are, the team littered 297 USB drives around their university’s grounds—in lecture theaters, parking lots, cafes, study areas and what have you. Then, they... waited.
On the USB stick were a series of HTML files that were disguised to look like regular old files of notes, documents and photo albums. But if someone inserted a drive into their internet-connected computer and opened the files, the researchers were alerted. And alerted they were, because 45 percent of the USB stick were dutifully picked up, inserted into computers and rummaged through. (They may have missed some, of course, if the computers weren’t online at the time.)
The schmucks that had opened files were told in a browser window that they were part of an experiment at this point and asked to fill out a survey. Less than half did, and excuses for picking up the stick ranged from simply being nosey to, err, needing a USB stick. But generally the team found that most people simply wanted to reunite the stick with its owner—or at least, that’s what they claimed in the survey. The findings are being presented at the 37th IEEE Symposium on Security and Privacy in California
So, are the staff and students of Illinois Urbana-Champaign just not particularly tech-savvy? Not according to the team. “These individuals are not technically incompetent,” write the researchers, “but are rather typical community members who appear to take more recreational risks than their peers.” The study certainly showed that many understood the risks involved: While some people did use their own computer to open the files, many used library computers for the job. Not good for the University, but some small victory for personal security.
It goes without saying that you should not insert random USB sticks into your computer.