USB fan

Two separate sources have confirmed that the USB-powered fans handed out at the North Korea–United States political summit that took place on June 12 were most likely clean and not infected with malware.

The USB fans were at the center of a controversy last month when security experts feared they were carrying malware and would infect users' smartphones and computers when they'd be plugged in.

Everyone's worries came from the fact that the company that made the fans was located in China, and experts feared that Chinese spies might have had a hand into altering the shipment of USB fans that ended up in Singapore and were handed out as gifts to attendees, such as political figures and journalists.

Security experts begged for devices to test

Security experts started a hunt for the said USB fans, asking left and right on social media, trying to get their hands on some of the devices handed out at the event so that they could analyze them for malware.

Two such devices eventually made it into the possession of Dr. Sergei Skorobogatov, a Senior Research Associate in the Security Group at the Computer Laboratory of the University of Cambridge in the UK, and the Celsus Advisory Group.

Dr. Skorobogatov obtained a USB fan handed out at the summit to Leo Mirani, a journalist for The Economist, while Celsus experts obtained one via Bart Gellman, a journalist with The Washington Post.

Analyzed USB fans were free of malware

In reports published at the end of June, both reviewers reached the same conclusions —the devices they analyzed are free of malware, but that doesn't mean other USB fans handed to other persons were clean as well.

"This particular sample of USB fan does not have any computer functionality on [the] USB interface," said Dr. Skorobogatov in a two-page report. " It can only be used for driving the motor from USB power."

"However, this does not eliminate the possibility of malicious or Trojan components wired to USB connector in other fans, lamps and other end-user USB devices," Dr. Skorobogatov added. "Hence, their evaluation will be essential before any sensitive usage."

"The device that Mr. Gellman obtained seemed to be free of implants," the Celsus Advisory Group said in a report published after Dr. Skorobogatov's.

"Does this mean anything? Not particularly," the Celsus team added. "Maybe the person who received the package wasn’t a targeted [person of interest]. Maybe the system in question requires being tickled in a specific way to elicit an illicit behavior. Or perhaps none of the fans were dual purpose in nature; eg fan AND surveillance implant."

Previously, a security researcher who bought a similar USB fan from the location of the summit a few weeks before the event said that that device, too, was free of malware.

Related Articles:

US Government Takes Steps to Bolster CVE Program

Booz Allen Hamilton Researchers Detail New RtPOS Point-of-Sale Malware

Nearly 1,200 US News Sites Still Not Available for EU Users After GDPR

Andromeda Botnet Operator Released With a Slap on the Wrist

World Police Shut Down Andromeda (Gamarue) Botnet