Spotify sent a number of USB drives to reporters last week. The USBs came with a note which said, “play me.” While it is not uncommon for reporters to receive USB drives in the post (as companies distribute USB drives which often contain promotional materials or very large files), anyone with basic security training knows that plugging in a USB drive with no precautions is a big no-no.
People over at TechCrunch have examined the drive sent by Spotify.
It was benign and contained a single audio file. “This is Alex Goldman, and you’ve just been hacked,” the file played.
The drive was just a promotion for a new Spotify podcast. Because of course it was.
Jake Williams, a former NSA hacker and founder of Rendition Infosec, said it was “amazingly tone deaf” to encourage reporters to plug the drives into their computers.
USB drives are not inherently malicious, but they are known to be used in hacking campaigns against targets such as power plants and nuclear enrichment plants, which are typically not connected to the internet. USB drives can harbor malware that can open and install backdoors on a victim’s computer, Williams said.
More details about this over at the site.