To find out how stupid people really are, the research team littered 297 USB drives around their university’s grounds—in lecture theaters, parking lots, cafes, study areas and what have you. Then, they… waited. On the USB stick were a series of HTML files that were disguised to look like regular old files of notes, documents and photo albums. But if someone inserted a drive into their internet-connected computer and opened the files, the researchers were alerted. The researchers were in a surprise because around half of the thrown USB stick were dutifully picked up, inserted into computers and explored. Based on their findings, the researchers have penned a paper titled “Users Really Do Plug in USB Drives They Find“. The researchers asked the people who had used the discarded USBs to fill out a survey and give reasons for picking up the discarded USB stick. Less than half did, and excuses for picking up the stick ranged from simply being nosey to, err, needing a USB stick. But generally the team found that most people simply wanted to reunite the stick with its owner—or at least, that’s what they claimed in the survey. The findings are being presented at the 37th IEEE Symposium on Security and Privacy in California Some of the ragpickers dutifully scanned the sticks with a anti-virus first before proceeding.
16% scanned the drive with their anti-virus software. 8% believed that their operating system security features would protect them, e.g., “I trust my MacBook to be a good defense against viruses”. 8% sacrificed a personal computer or used university resources to protect their personal equipment.
“These individuals are not technically incompetent,” write the researchers, “but are rather typical community members who appear to take more recreational risks than their peers.”