What is a Honey Stick?
A Honey Stick is the name I use to describe any Mobile Storage Device, such as a USB Flash Memory Drive, configured in a way that is designed to do specific things when found and viewed by individuals who use it. In its most dangerous form, a Honey Stick could carry viruses or Trojan Horse programs. But it may only be configured to “phone home” in case it is lost by its original owner, and is picked up by another individual and inserted into a computer that is connected to the Internet. There are many scenarios in between these that rely on a user inserting the device in to a computer to see what’s on it.
Other examples of devices that can be configured as Honey Sticks are: Memory Cards (SD, Memory Stick, FlashMedia, XD, etc.), and even iPods, MP3 Players, Digital Cameras, Digital Picture Frames, or other electronic devices such as toys and PDAs. Virtually anything with digital memory and a connector can be configured this way.
The most important thing to know is that any device you pick up can be risky to connect to a computer. There are even examples of brand new Digital Picture Frames being sold with Trojan Horse programs already on them. The questions arise, what can you trust, and how do you protect yourself?