
Most people around here probably know that using USB peripherals is a giant security risk; however, in normal life it's pretty hard not to use them, at least if you're interfacing with the rest of humankind.

So imagine this scenario: someone, who is probably a good actor, gives you a USB drive with some data on it. You want to transfer this data to your computer. You have a modest ability to be paranoid, e.g., you could have a spare computer, some kind of dongle, whatever. You don't, however, have the ability to be extremely paranoid (e.g., you get a disposable computer for each USB you plug in).

What should you do? I'm looking for practical advice to solve a practical problem.

Boot up the latest Tails and open from there. Copy and paste desired files from dirty drive to clean one.

If you're super-paranoid repeat with a different OS with different hardware (like OpenBSD on a Raspberry Pi) to copy from clean drive to a new, even cleaner one.

reply

Great answer. Not an expert but I would also feel better if the hardware device was not connected to any network when the drive is inserted. For sure not the Internet.

reply

The worry for this is if it's a device that poses a physical attack via a capacitor or something -- you've probably seen the videos of how they actually fry the circuitry of the computer you plug them into.

reply

Hmm, not an electrical engineer but maybe a USB hub? The capacitor thing seems far less likely than a normie whose machine is silently infecting peripherals.

reply

That seems plausible to me, too -- any actual EEs care to weigh in if one of those weaponized electrical charge USB sticks would still kill your computer through a hub?

reply

Lend it to a government worker, let them plug it in at work and report back about what happened.

It's a win-win.

reply

Qubes OS is highly recommended for securely handling USB drives due to its robust isolation capabilities. It segregates applications into separate virtual machines, ensuring that malware from a USB cannot compromise your entire system. This isolation helps maintain security without sacrificing usability, making it a top choice for those concerned with digital security.

Alternatively, using a bootable OS like Tails or a live Linux distribution provides a temporary, secure environment for safely checking and transferring files from a USB drive. These systems don't affect your main operating system, as they run independently from a USB or CD and automatically erase traces of their use upon shutdown.

reply

I would use a cheap Raspberry Pi for such cases.

Your question reminded me of yet another useful small device for safe charging, a USB condom like this one: https://www.paralelnipolis.cz/en/shop/usb-condom/

reply

Ha, I never heard of such a thing before -- thank you! That solves a different problem I didn't think to ask about :)

reply

I'm guessing, from what I've read in passing from people who know what they are talking about; I'm not an expert. Get a weird device that is unlikely to have anything the exploit is expecting. Load an OS with a sandbox mode. Keep a bunch of testing software on that device. I think there's some way to see if the data's state has changed before and after plugging it in, or an OS that doesn't allow its state to change.

reply
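The "has the state changed before and after plugging it in" idea above can be scripted: take a hash manifest of the test machine's own files before the drive goes in and compare it afterwards. This is an added example, not code from anyone in the thread; the file names and contents in the constructed sample are made up, and it only sees filesystem changes, not anything that lands in firmware.

```python
"""Hash manifest of a directory tree, taken before an untrusted USB device is
plugged in and compared afterwards. Point it at the test machine's own paths
(/boot, /etc, your home directory), never at the untrusted drive itself."""
import hashlib
import json
import os
import sys

def sha256_stream(chunks):
    """SHA-256 over an iterable of byte chunks, so large files are never read whole."""
    h = hashlib.sha256()
    for chunk in chunks:
        h.update(chunk)
    return h.hexdigest()

def hash_file(path, block=1 << 20):
    with open(path, "rb") as f:
        return sha256_stream(iter(lambda: f.read(block), b""))

def manifest(root):
    """Map every regular file under root (symlinks skipped) to its SHA-256."""
    result = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                result[os.path.relpath(full, root)] = hash_file(full)
    return result

def manifest_from_items(items):
    # Same shape as manifest(), built from (path, bytes) pairs; used for the constructed sample.
    return {path: sha256_stream([data]) for path, data in items}

def compare(before, after):
    """Paths added, removed and changed between two manifests."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }

# Constructed sample (not real files): a session that rewrote .bashrc and dropped a new file.
BEFORE = manifest_from_items([("etc/hostname", b"lab\n"), ("home/u/.bashrc", b"alias ls='ls --color'\n")])
AFTER = manifest_from_items([("etc/hostname", b"lab\n"), ("home/u/.bashrc", b"alias ls='ls -la'\n"),
                             ("home/u/notes.txt", b"hello\n")])

if __name__ == "__main__":  # usage: snapshot <dir> <out.json> | compare <before.json> <after.json>
    if sys.argv[1:2] == ["snapshot"]:
        json.dump(manifest(sys.argv[2]), open(sys.argv[3], "w"), indent=1)
    elif sys.argv[1:2] == ["compare"]:
        print(json.dumps(compare(json.load(open(sys.argv[2])), json.load(open(sys.argv[3]))), indent=1))
    else:
        print(json.dumps(compare(BEFORE, AFTER), indent=1))
```

Keep the "before" manifest somewhere the test machine cannot write to (a second read-only stick, or printed), otherwise anything that ran during the session could rewrite it too.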

I have a bunch of old USB sticks given away at conferences that I've never plugged in because I've never thought to ask this.

reply

Help me out - what's the specifics of what a compromised USB peripheral might do?

reply

Execute any code on your machine. Because of the way USB has access to pretty deep hardware internals, whilst OS software tries to prevent this, it's a massive security issue.

The Stuxnet worm famously infected Iranian machines which were air-gapped because CIA agents left USB sticks on the ground in car parks near nuclear facilities. All it took was one curious researcher to pick one up and plug it into their machine.

reply
Execute any code on your machine. Because of the way USB has access to pretty deep hardware internals, whilst OS software tries to prevent this, it's a massive security issue.

Yes, this.

Basically, for the OS, something you plug into a USB slot can be anything, which includes keyboards. The OS has to trust that the device plugged in is what it says it is. Since there is basically no way to prevent plug and play without making the UX abysmal[1], USB sticks can pretend to be keyboards and execute keystrokes when you insert them, which includes opening reverse shells. With a reverse shell, the attacker now has full control of your machine (except root if you have a strong root password etc.).

This is what rubber duckies do: https://shop.hak5.org/products/usb-rubber-ducky

  1. If you are really plugging in a keyboard, you just want it to work immediately since you might have no other human interface device.

reply
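The keyboard impersonation described above is visible to the OS before any keystroke is accepted: on Linux every USB interface gets a sysfs entry with its bInterfaceClass, and a "memory stick" that also presents class 03 (HID) is exactly the pattern to catch. The script below is an added example, not code from the thread or from Hak5; the snapshots it ships with are constructed, not real sysfs data.

```python
"""Audit which USB interface classes a freshly inserted device exposes.

Linux publishes one sysfs directory per USB interface, e.g.
/sys/bus/usb/devices/1-4:1.0, whose bInterfaceClass file holds the class
as two hex digits. Snapshot before and after plugging the device in."""
from pathlib import Path

HID = 0x03           # human interface device: keyboards, mice
MASS_STORAGE = 0x08  # what a plain USB stick should present

def read_sysfs(root="/sys/bus/usb/devices"):
    """Return {device_id: sorted interface class codes} from a live system."""
    devices = {}
    for iface in Path(root).glob("*:*.*"):  # <bus>-<port>:<config>.<interface>
        cls = iface / "bInterfaceClass"
        if cls.is_file():
            dev = iface.name.split(":")[0]
            devices.setdefault(dev, []).append(int(cls.read_text().strip(), 16))
    return {dev: sorted(codes) for dev, codes in devices.items()}

def audit(before, after):
    """Describe every device present in `after` but not in `before`.
    Returns {device_id: (class codes, verdict)}."""
    findings = {}
    for dev in sorted(set(after) - set(before)):
        classes = after[dev]
        if HID in classes and MASS_STORAGE in classes:
            verdict = "SUSPECT: storage device that also acts as a keyboard/mouse"
        elif HID in classes:
            verdict = "SUSPECT: a new keyboard/mouse appeared; storage was expected"
        elif classes == [MASS_STORAGE]:
            verdict = "ok: plain mass-storage device"
        else:
            verdict = "review: unexpected interface classes"
        findings[dev] = (classes, verdict)
    return findings

# Constructed snapshots (not real sysfs data): built-in keyboard and mouse,
# then a "USB stick" appears that also presents a HID interface.
SNAPSHOT_BEFORE = {"1-1": [HID], "1-2": [HID]}
SNAPSHOT_AFTER = {**SNAPSHOT_BEFORE, "1-4": [HID, MASS_STORAGE]}

if __name__ == "__main__":
    for dev, (classes, verdict) in audit(SNAPSHOT_BEFORE, SNAPSHOT_AFTER).items():
        print(dev, [hex(c) for c in classes], verdict)
```

On a real machine call read_sysfs() for both snapshots; a device that re-enumerates with a different set of interfaces after a delay will only show up if you snapshot again later, so repeat the check rather than trusting the first enumeration.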
CIA agents left USB sticks on the ground in car parks near nuclear facilities. All it took was one curious researcher to pick one up and plug it into their machine.

That was long thought to be the attack vector, but new information recently became public: Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility

reply

open in a sandbox environment

reply

You lost me at "strange" usb device. 😂

reply

Your coworkers or friends never hand you a USB drive? I'm not talking about picking it up from the floor of a Russian brothel.

reply

haha--no, I tell them to drop the file in the cloud and I'll get them that way. I work with people remotely anyway :)

reply

Ah, yes. That would be preferable.

reply

I have a cheap solution. I have Kali Linux installed on my 8GB USB drive. When I get something like that, I disconnect my SSD from my hardware, plug in my Kali USB, boot Kali from the USB, and after that I use the "strange" USB. I also have another layer of security on top of that. After I finish my job, I boot from my security HDD to scan things and see that everything is well. After that, I boot from my main SSD. I got a switch for these types of things.

reply

deleted by author

reply
And, though I know it's bad, if I found a USB, I would be so tempted to find out what's on it.

We're in the same shameful boat, I admit. Part of the reason I needed to ask this question in the first place :/

reply

Don't confuse old laptop with old software. You definitely want to run the latest version of whatever you run.

reply