Does Dropping USB Drives in Parking Lots and Other Places Really Work?

Explore the effectiveness and implications of the infamous "USB drop" hacking technique in this Black Hat conference talk. Delve into a rigorous study conducted at the University of Illinois Urbana-Champaign campus, where nearly 300 USB drives were strategically dropped to measure user interaction. Discover shocking results, with 98% of drives picked up and 48% of users not only plugging them in but also accessing files. Gain insights into factors influencing drive retrieval, user motivations, and the psychology behind this social engineering tactic. Learn about various USB-based attack methods, including Human Interface Device (HID) exploits, and explore their pros and cons. Understand the ethical considerations and approval process for conducting such research. Examine the study's framework, mindset, and methodology, including labeling strategies and drop locations. Analyze the speed of drive access, key appearance impact, and most effective drop sites. Witness demonstrations of dropping keys and Metasploit payloads. Dive into the technical challenges of crafting payloads, USB fingerprinting, and creating custom USB devices. Explore defensive strategies against these attacks and consider the broader implications for physical and cybersecurity.