Questions: USB and Portable Device Security

This is a classic 'baited drive' social engineering attack. The attacker deliberately leaves an infected drive in a plausible location with an enticing label. The attack exploits human behavior — curiosity and helpfulness — not any specific software vulnerability. Even if the computer is fully patched, plugging in the drive may trigger autorun execution or the user may manually open files. The safe rule is absolute: never plug in a drive you did not purchase or format yourself.

File deletion removes the pointer (directory entry) that tells the OS where the file is stored, but the actual data bytes remain on the drive until overwritten by new data. Standard file-recovery tools can reconstruct deleted files from these remaining bytes. To truly erase sensitive data, you must securely wipe the drive (overwrite every sector with random data) or use full-drive encryption from the start — so that even recovered bytes are unreadable without the decryption key.

Answer: False

Disabling autorun closes one specific attack vector — the automatic execution of malware when a drive is connected. But it does not eliminate all risks. A user can still manually browse and open malicious files on the drive. Some firmware-level USB attacks (e.g., BadUSB) do not rely on the file system or autorun at all — they make the drive impersonate a keyboard and type commands. Social engineering remains effective regardless of autorun settings. The only safe approach for unknown drives is not to plug them in at all.

Answer: True

Operating systems use a write cache — data intended for the drive may be held in memory and written in batches for performance. 'Safely remove' flushes this cache and waits for all pending writes to complete before releasing the device. If you yank the drive mid-write, the file system metadata (which tracks where files are stored) may be partially written, leaving the directory in an inconsistent state. This can render the entire drive unreadable, not just the one file being written — a risk that the safe-eject habit eliminates at zero cost.

This is the core principle of 'encrypt-at-rest': assume the physical device will eventually leave your control (lost, stolen, or discarded), and make the data unreadable without a key you control. Secure deletion (overwriting) can also work, but it requires active effort after each use and doesn't protect data if the drive is stolen before you wipe it. Encryption-first is the correct default for portable media containing sensitive data.