
Levy Olvera • September 5, 2023

Does USB belong to the past? Or does it remain a latent threat?

A case to think about.

Nowadays personal laptops and state-of-the-art IoT devices still carry USB ports, either for battery charging or as data buses. The first function is hard to eliminate, even though wireless charging is available now.


But let's focus on the second one, shall we?


And you, dear readers, are probably wondering why we should remove such a useful capability from our devices and laptops.


A historical detour is in order. In June 2010 the Stuxnet worm was discovered when a Belarusian security company, VirusBlokAda, found it on a computer in Iran. Even at first sight it appeared to be an unusually complex and advanced piece of malware.


Now, digging a little deeper into this matter.


Stuxnet's primary target was Iran's nuclear program, particularly the uranium-enrichment facility at Natanz. It was designed to sabotage the centrifuges used there to enrich uranium and so to set back Iran's nuclear ambitions.


While the creators' identities remain officially undisclosed, Stuxnet is widely believed to have been developed jointly by the U.S. and Israeli governments. Neither party has confirmed or denied this.


Stuxnet was primarily spread through infected USB drives. When one was inserted into a Windows computer, the worm exploited a flaw in how Windows rendered shortcut files to execute as soon as the folder was displayed, with no click on any file required. It then used further vulnerabilities to escalate privileges and spread across the local network.


So here is the important part of our story. Some technical detail is needed, dear readers, to see why:


Stuxnet used several vulnerabilities, most of them zero-days (previously unknown and unpatched at the time), all targeting Windows, to propagate and execute its code. Let's list the officially known ones, shall we?


MS08-067 (CVE-2008-4250): Stuxnet leveraged a critical vulnerability in the Windows Server service that allowed remote code execution over the network. This one was not a zero-day: Microsoft had patched it in October 2008, but systems that had not applied the patch let the worm spread across networks.


Shortcut LNK Files (CVE-2010-2568, patched in MS10-046): Stuxnet exploited a vulnerability in the way Windows parsed shortcut (.LNK) files. Merely displaying a folder containing a malicious shortcut, for example in Windows Explorer, was enough for Windows to load the attacker's code while rendering the shortcut's icon. This is the technique that made USB drives such an effective carrier, and it was a zero-day when Stuxnet was found.


Print Spooler (CVE-2010-2729, patched in MS10-061): Stuxnet also targeted a Windows Print Spooler vulnerability that allowed remote code execution on machines with a shared printer. By exploiting this flaw, Stuxnet could spread within networks. This was also a zero-day; there was one Print Spooler flaw, not a known one plus a separate zero-day.


Privilege Escalation (CVE-2010-2743 and CVE-2010-3338): Stuxnet carried two local privilege-escalation zero-days so that, once running as an ordinary user, it could install its kernel drivers: one in the keyboard-layout handling of win32k.sys (CVE-2010-2743, patched in MS10-073) and one in the Task Scheduler (CVE-2010-3338, patched in MS10-092). Note that CVE-2010-2772, which is sometimes listed here, is not a Windows flaw at all: it is the hard-coded database password in Siemens SIMATIC WinCC that Stuxnet used to reach the control-system database.


Zero-Day Summary: Of the flaws above, only MS08-067 had a patch available when Stuxnet struck. The LNK, Print Spooler and two privilege-escalation vulnerabilities were genuine zero-days, four in a single piece of malware, which was unprecedented at the time and allowed the worm to propagate stealthily.


Going straight to the aftermath:


Physical Damage: Stuxnet damaged Iran's nuclear program by repeatedly altering the rotation speed of the Natanz centrifuges while feeding the operators recorded, normal-looking readings. Roughly a thousand centrifuges had to be taken out of service, and the attack is widely credited with setting the program back, although estimates of how long vary.


Escalation of Cyber Warfare: Stuxnet marked a new era of cyber warfare, where nation-states began using malware as a tool of geopolitical conflict. It highlighted the potential for physical damage through cyberattacks.


Increased Cybersecurity Awareness: The discovery of Stuxnet led to increased awareness of the importance of cybersecurity in critical infrastructure, such as power plants and nuclear facilities.


International Tensions: The Stuxnet incident contributed to international tensions, particularly between Iran and the U.S. and Israel. It also raised questions about the ethics and legality of state-sponsored cyberattacks.


Back now to the USB situation. This pivotal event should give us reason enough to ban USB data ports for good. Yet more than a decade later we still have them in corporate computers, in top executives' laptops, on shop floors and production lines, you name it.


You are probably thinking that wireless communication is a risk too, and that collaboration within companies, government agencies and so on requires an easy way for information to travel, right?


Dropbox, collaborative enterprise sites, intranet file-sharing applications. There! No more excuses: USB storage on users' laptops is no longer needed.


In retrospect, both wireless and USB communication are risky if we are not careful enough. But if we disable USB storage, we remove one of the two channels entirely, and with it the class of attack that Stuxnet made famous. So why are we still giving laptop users the chance to copy information onto a USB stick and take it wherever they want? Or, scarier still, the opportunity to feed malicious code into their computers, the very gate to our digital kingdom?
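As an added example, not part of the original post, here is how the ban argued for above is actually enforced on a Windows endpoint: the same registry values the "Removable Storage Access" Group Policy writes, plus disabling the USBSTOR driver outright, with a function to report what is in force and which USB mass-storage devices are currently attached. It assumes an elevated PowerShell on Windows 8.1 / Server 2012 R2 or later; the policy key path, the Removable Disks class GUID and the USBSTOR service values are the documented ones for that policy, and the function names are this example's own.

```powershell
# Added example, not from the original post: block USB mass storage on a Windows endpoint.
# Assumptions: elevated PowerShell on Windows 8.1 / Server 2012 R2 or later; the registry values
# below are the ones the "Removable Storage Access" Group Policy and the USBSTOR service use.

$PolicyRoot     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
$RemovableDisks = '{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}'   # device class GUID: Removable Disks
$UsbStorService = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'

function Set-RemovableDiskAccess {
    # 'Deny'     : no read, write or execute from removable disks (the ban argued for above)
    # 'ReadOnly' : data can come in but cannot leave (a common compromise for shop-floor PCs)
    # 'Allow'    : remove the policy values again
    param([ValidateSet('Deny', 'ReadOnly', 'Allow')][string]$Mode)

    $key = Join-Path $PolicyRoot $RemovableDisks
    if ($Mode -eq 'Allow') {
        if (Test-Path $key) { Remove-Item -Path $key -Recurse -Force }
        return
    }
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }

    # Deny_Write alone gives read-only; Deny_Read + Deny_Execute on top of it gives the full ban.
    $deny = @{ Deny_Read = 0; Deny_Write = 1; Deny_Execute = 0 }
    if ($Mode -eq 'Deny') { $deny.Deny_Read = 1; $deny.Deny_Execute = 1 }
    foreach ($name in $deny.Keys) {
        Set-ItemProperty -Path $key -Name $name -Value $deny[$name] -Type DWord
    }
}

function Disable-UsbStorageDriver {
    # Belt and braces: Start=4 (SERVICE_DISABLED) stops the USBSTOR driver from loading at all,
    # so a newly inserted stick never gets a drive letter. Start=3 (demand start) is the default.
    param([switch]$Restore)
    $value = if ($Restore) { 3 } else { 4 }
    Set-ItemProperty -Path $UsbStorService -Name Start -Value $value -Type DWord
}

function Get-RemovableDiskAccessState {
    # Report what is currently enforced and which USB mass-storage devices are attached right now.
    $key    = Join-Path $PolicyRoot $RemovableDisks
    $policy = if (Test-Path $key) { Get-ItemProperty -Path $key } else { $null }
    [pscustomobject]@{
        DenyRead           = [bool]($policy.Deny_Read)
        DenyWrite          = [bool]($policy.Deny_Write)
        DenyExecute        = [bool]($policy.Deny_Execute)
        UsbStorStart       = (Get-ItemProperty -Path $UsbStorService -Name Start).Start
        AttachedUsbStorage = @(Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.InstanceId -like 'USBSTOR\*' } |
            Select-Object -ExpandProperty FriendlyName)
    }
}

# Enforce the ban, then show the resulting state.
Set-RemovableDiskAccess -Mode Deny
Disable-UsbStorageDriver
Get-RemovableDiskAccessState | Format-List
```

Two caveats a practitioner will want. First, the policy values apply to devices as they are connected, so a stick that is already mounted may need to be unplugged and reinserted (or the machine rebooted after the USBSTOR change) before the ban is visible. Second, both controls only cover the mass-storage class: a malicious device that enumerates as a keyboard is untouched by them, so a real "ban" also needs device-installation restrictions or physically disabled ports.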


Sources and further reading.


Weinberger, S. (2011). Computer security: Is this the start of cyberwarfare? Nature, 474(7350), 142–145. https://doi.org/10.1038/474142a


Stuxnet worm attack on Iranian nuclear facilities. (n.d.). Stanford University course page. http://large.stanford.edu/courses/2015/ph241/holloway1/


NIST. (n.d.). Publication search results for "stuxnet". https://www.nist.gov/search?s=stuxnet&index=www-nist-gov-publications

