USB flash drives are widely employed for data storage including sensitive personal or business data. Current defense strategies to protect those data mainly focus on preventing data theft when a USB drive plugs into a host computer that is infected with malware. This paper reveals a threat - attackers can produce spy USB flash drives that are able to leak the stored data via covert wireless communication without triggering security defenses on host computers. In this paper, we present SpyUSB, a USB flash drive implanted with a backscatter-based data theft hardware to demonstrate the threat of covert data theft. SpyUSB collects data from the physical layer of the communication between the host computer and SpyUSB device, which is transparent to the security mechanisms on the host computer. SpyUSB leverages backscatter communication to create a covert wireless channel. Furthermore, we explore the opportunity of covert data theft when the SpyUSB device is disconnected from the host computer using a tiny energy reservoir. Our experiment shows that SpyUSB can achieve a transmission bandwidth of up to 1,600 kbps. After unplugged from a computer, it can maintain standby for over 6 hours or continuously transmit data for 1.9 hours.