Reply to post: Re: a national newspaper, which recorded the data

Remember that lost memory stick from Heathrow Airport? The terrorist's wet dream? So does the ICO

ibmalone Silver badge

Re: a national newspaper, which recorded the data

Use a dedicated sanitizer device such as https://www.circl.lu/projects/CIRCLean/

That's a nice answer, probably does do the job (at least, it's hard to believe an arbitrary good USB flash drive could be compromised to propagate the attack further), and looks like it's from people who know what they're doing. However, when there are things like this in the mix https://www.theregister.co.uk/2017/11/07/linux_usb_security_bugs/ it's hard to say that you can't attack the device, even with allowed device classes locked down (to avoid all the peripheral spoofing types of attack), especially as the sanitiser is a standard computer. Once you've got control of the sanitiser you can't guarantee what's been written to the 'clean' device is safe. I might be wrong, but it seems some storage devices will accept firmware updates and presumably you need to avoid those.

An attacker who'd gained control of the sanitiser could also attempt to include filesystem handling attacks and compromised files on the output device, but those you can at least handle by analysing from a VM and wiping it afterwards. Attacks on the interface itself seem (to me) harder to deal with, since the attacker potentially has the host OS and therefore the ability to get to the BIOS and other hardware. I suppose I was hoping for some protocol-level device that could buffer and sanitise the connection. Admittedly a USB firmware worm that will propagate over a Pi seems like quite a sophisticated hypothetical attack,


Biting the hand that feeds IT © 1998–2019