Board: Speculation
Topic: Re: Wall Observer BTC/USD - Bitcoin price movement tracking & discussion
Post by jbreher on 26/02/2020, 18:48:11 UTC
Merits: 2 from 2 users
⭐ Merited by vapourminer (1), AlcoHoDL (1)
When I want to read a "dangerous" USB stick, I launch my "test VM" in VMware and mount it there. AutoRun is disabled on both the host and the guest OS. Never had any issues in 25 years of Windows computing.

How can mounting a USB stick on an AutoRun-disabled VM affect your host's BIOS? Honest question, I want to know.

Well, I must admit that I don’t know all the possible attack vectors. But as one potentially eye-opening matter, your example of ‘AutoRun’ indicates you are assuming that the device identifies only as a storage class device, and that said storage device contains only a filesystem that is known to Windows.

Don’t lose track of the fact that USB is an acronym for Universal Serial Bus. That device could contain any number of USB endpoints, each implementing a different device class. What if one of the endpoints identifies as a Human Interface Device — for example a keyboard — and injects a number of commands to the system? From the user’s perspective, invisibly. Or even deeper, a bridge device, giving it access to the underlying I2C bus - maybe even the SMB?

What you're saying makes sense, I did assume that we were talking about a storage class device. I admit I wasn't aware of the "BadUSB" exploit. Will look it up, thanks for this. I guess I was lucky enough to not receive a "BadUSB" device (or maybe I did, and not aware of it?).

As others have pointed out, the best option is a separate, clean PC, with everything sanitized after use by restoring from known, clean images.

@jojo69, @xyzzy099, @vapourminer, also thanks -- merited.

Yeah, but who is going to maintain the discipline required to ensure any potential infection does not spread from the separate PC to others in your stable?

What does your sanitization consist of? Just filesystem drive? Just disk? How do you know you’ve not been victim of a BIOS hack, which is unlikely to be recovered from, and may propagate to other machines if you are not careful never to use the same storage device between machines.

In the end, there is no perfect security. This is true. It is all a tradeoff. I guess all I’d like to advocate for are: have some idea of the risks, and; I doubt the probability of finding satoshi’s private keys on some rando USB device found in the street is anywhere near the probability of falling victim to a simple intentional exploit.
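
The point made in the post, that a "USB stick" may declare more than a storage interface, can be checked from the host side by reading the interface classes the device reports. The following is an added example, not part of the original post: it walks a USB configuration descriptor and flags every interface that is not mass storage. The descriptor bytes are a constructed sample and the function names are hypothetical.

```python
# Added example: list the interface classes in a USB configuration descriptor.
CLASS_NAMES = {0x02: "Communications", 0x03: "HID", 0x08: "Mass Storage",
               0x09: "Hub", 0xFF: "Vendor Specific"}
DT_INTERFACE = 0x04      # bDescriptorType of an interface descriptor
MASS_STORAGE = 0x08      # bInterfaceClass of a storage device

# Constructed sample (not captured from a real device): one configuration with
# a mass-storage interface plus a second interface claiming to be a keyboard.
SAMPLE = bytes([
    9, 2, 57, 0, 2, 1, 0, 0x80, 50,          # configuration, wTotalLength=57
    9, 4, 0, 0, 2, 0x08, 0x06, 0x50, 0,      # interface 0: mass storage, SCSI, bulk-only
    7, 5, 0x81, 2, 0x00, 0x02, 0,            # bulk IN endpoint
    7, 5, 0x02, 2, 0x00, 0x02, 0,            # bulk OUT endpoint
    9, 4, 1, 0, 1, 0x03, 0x01, 0x01, 0,      # interface 1: HID, boot, keyboard
    9, 0x21, 0x11, 0x01, 0, 1, 0x22, 63, 0,  # HID class descriptor
    7, 5, 0x83, 3, 8, 0, 10,                 # interrupt IN endpoint
])

def interfaces(blob):
    """Return (number, class, subclass, protocol) for each interface descriptor."""
    found, i = [], 0
    while i < len(blob):
        # Every descriptor starts with bLength, bDescriptorType.
        if len(blob) - i < 2 or blob[i] < 2 or i + blob[i] > len(blob):
            raise ValueError(f"malformed descriptor at offset {i}")
        length, dtype = blob[i], blob[i + 1]
        if dtype == DT_INTERFACE and length >= 9:
            found.append((blob[i + 2], blob[i + 5], blob[i + 6], blob[i + 7]))
        i += length
    return found

def unexpected_for_storage(blob):
    """Interfaces that a plain flash drive has no reason to expose."""
    return [itf for itf in interfaces(blob) if itf[1] != MASS_STORAGE]

def describe(itf):
    num, cls, sub, proto = itf
    name = CLASS_NAMES.get(cls, f"class 0x{cls:02x}")
    if (cls, sub, proto) == (0x03, 0x01, 0x01):
        name += " (boot keyboard)"
    return f"interface {num}: {name}"

if __name__ == "__main__":
    for itf in unexpected_for_storage(SAMPLE):
        print("unexpected", describe(itf))
```
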