Information security experts express surprise at the fact that journalists covering the meeting between US President Donald Trump and North Korean leader Kim Jong-Un in Singapore received a gift package containing USB fans.
Specialists from the International Institute of Cyber Security point out that a USB device can transport malware from one computer to another. The fans were part of a gift bag that included a bottle of water and a local tour guide. The temperature reached 33 degrees Celsius in Singapore during the meeting.
Dutch journalist Harald Doornbos posted on Twitter about the gift:
“Useful. The Trump-Kim Meeting press kit includes a mini USB fan, convenient for keeping cool while working on the PC. It’s pretty hot here in Singapore, 33 degrees or so. It’s still not as hot as in Dubai, a real oven. ”
But Alan Woodward, an information security expert at the University of Surrey, said, “For years, making people to plug in a USB device you give to them has been a classic way to bypass security measures and gain access to their machine’s software”.
“There is a saying information security: If you give someone physical access to your computer, it is no longer your computer. Using an unknown USB device means doing exactly the same thing”.
Gift packages were assembled by the Ministry of Communications and Information (MCI) in Singapore. In response, the ministry told the BBC: “USB fans were part of the stock of Sentosa Development Corporation (SDC), originally intended for members of Sentosa Islander. SDC qualified the fans as a useful and practical gift for media representatives, who would be working in Singapore’s tropical climate.
Sentosa Developement Corporation and the Ministry of Communications claim that the USB fans are simple devices with no storage or processing capabilities.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.