USB Sticks with the U3 feature threaten the security of workstations and the enterprise infrastructure.
A technical analysis about the U3 technology on USB sticks and mitigation approaches for personal usage as well as enterprises.


Introduction
USB memory sticks can be found almost everywhere. Today, they can be seen as the replacement for floppydisks, ZIP-drives and all that kind of media. Nearly unnoticed, many of todays memory sticks contain the two characters "U3" in a symbol on the backside. Where is the difference to the old fashioned USB sticks? Do they bear any risks?

The U3 Technology A U3 USB Stick is a normal USB memory stick on first sight. Additionally it emulates a CD ROM drive with around 6MB of space. Any computer will recognize a USB disk drive and a USB CD ROM drive when this stick is plugged in. The U3 technology was developed by U3 [1], a joint venture of SanDisk and other memory vendors. U3 was created to be able to have Windows applications and their configurations always ready to run from a USB stick.

Applications which are enabled to run from a USB stick are called "Portable Applications". The U3 capable USB sticks contain a LaunchPad.zip, a LaunchU3.exe and an autorun.inf file. When the stick is plugged in, the Windows autostart feature reads the autorun.inf file like on other CD/DVD ROMs and starts the U3 launcher application. The U3 Launchpad
emulates a Windows-like start menu and controls the installation and program start of portable applications. The systems do not have to be modified and the autorun feature for CD/DVD drives is enabled by default on Windows systems. The application which is run by the autostart feature is executed with the current user.
...