- Journalists covering President Donald Trump’s meeting with North Korean leader Kim Jong Un in Singapore this week were given free USB-powered fans as a gift.
- Security experts say anyone who plugs the fans in is at risk of getting hacked.
Journalists covering this week’s summit between President Donald Trump and North Korean leader Kim Jong Un in Singapore were given a fun gift bag containing a water bottle, a trial to the Straits Times newspaper, and a tourism guide to the island where the leaders’ meeting took place.
It also included a tiny fan that plugs into a mini-USB port or iPhone Lightning port for power, according to tweets from the historic summit.
It could be a nice gesture from the hosts. As the Dutch journalist Harald Doornbos wrote in a tweet about the fan, “it is pretty hot here in Singapore,” according to a translation from the BBC.
13/ Handig. In de persmap voor de #KimTrumpSummit zit een mini usb fan. Handig om koel te blijven tijdens het schrijven. Het is hier in Singapore idd vrij heet. 33°C of zo. Maar haalt het niet bij Dubai, koning van de oven. pic.twitter.com/6tQd5d7gCW
— Harald Doornbos (@HaraldDoornbos) June 10, 2018
Media goody bag: Mini USB fan, hand-held fan with #TrumpKim on either side to blow around all the hot air…. and a fun guide to Sentosa. NB: that's not the delegations playing beach volleyball. pic.twitter.com/fbdKVzr0Cn
— Amanda Drury (@MandyCNBC) June 10, 2018
But security experts around the web warned that the fan may not just be a way to stay cool. It could be a Trojan horse designed to steal data from any journalist who plugged the fan into his or her device.
Anything that plugs into a USB port could allow an attacker to get malicious software onto your computer. It’s how the notorious Stuxnet worm infected its targets, and many big companies worried about information security forbid their employees from plugging anything into a USB port.
Twitter exploded with security experts telling journalists not to plug the fan in. It could install keylogger software, or hack their email, they warned:
So, um, summit journalists. Do not plug this in. Do not keep it. Drop it in a public trash can or send it to your friendly neighborhood security researcher. Call any computer science department and donate it for a class exercise. I’d be glad to take one off your hands, btw. https://t.co/vz8xjUIjVz
— Barton Gellman (@bartongellman) June 11, 2018
A free USB fan for journalists covering talks in Singapore, how cool! (Because it’s impossible for USB devices to spread malware or exfiltrate data, right?) https://t.co/Hin3erdWbQ
— Stephen Cobb (@zcobb) June 10, 2018
tearing into potentially-bugged things is my jam. anyone I know in SG for summit get one they have not already thrown away? (DM) https://t.co/xd43HZOk6f
— Will Strafach (@chronic) June 12, 2018
If you're thinking "I need to stay cool, I could use one of these," come talk to me. I'll kick you in the shin really hard. Then the ice you use to reduce swelling will keep you cool. Bonus: the medical bills will cost less than the inevitable incident response this thing brings. https://t.co/w8FV9BSBkA
— Jake Williams (@MalwareJake) June 11, 2018
This is a pretty obvious way to break into journalist's laptops. Hope you didn't bring your primary device. https://t.co/PFVApZ1cPJ
— CS (@hiergiltdiestfu) June 11, 2018
North Korea has become a hacking superpower in recent years, according to The Wall Street Journal. The country has been linked to attacks like the “Wannacry” ransomware. But North Korea has no known connection to the fans,according to the BBC.
Of course, the USB fan could just be that – a way to stay cool at a hot summit. But it’s probably not worth the risk to find out.