USB Considered Harmful

The Universal Serial Bus (USB) has been a great success. Almost all peripheral devices, such as printers, keyboards, cameras, audio devices, disk drives, and wireless interfaces, can be easily connected using a standard plug. And of course, USB memory sticks have become a standard way of exchanging data, replacing CDs and DVDs. But this is exactly where the problem lies. Some companies are rightfully afraid of leaking sensitive data, and with the appearance of fast, small USB memory sticks, the USB interface has been identified as a problem.

Together with a student, I recently visited a larger company and we carried some development boards with us. The micro-controllers on the boards are conveniently programmable via a USB interface. Unfortunately, the company has a policy that forbids carrying anything with a USB plug out of the company (and we wanted to take some boards home again). And of course, for people sitting at the registration desk, all that matters is the USB plug form factor. We had to go through a special procedure in order to get an exception to carry our boards into the company. As part of the procedure, questions had to be answered such as whether the development boards can store data. Of course they can store data, since you can reprogram the flash memory of the micro-controllers via the USB plug, but for the sake of efficiency I said something that sounded like no to them.

Once the boards were inside the company, we faced the next hurdle, since all USB ports of the computers were physically locked. This seems to be kind of a second defense line - even if you manage to bring in a USB device, you can’t simply connect it. Luckily, there is a person with an impressive keyring and she was able to unlock a USB port so that we could connect a board before things got locked again. We thought we were ready to go now, but there was a third defense line - the BIOS had all USB ports disabled and of course the BIOS was protected so that it could not be changed. So once again we had to call someone to establish an exception so we could start with our work. Needless to say, this all took several hours of time to get sorted out.