19.11.20: cyb/sec/how to avoid malware on flash drives:
co.quora:
. any computer is prone to infections from
visiting malware-infected websites or pdf's;
most usb peripherals contain firmware
that can be infected with malware,
so that a website can infect computer firmware;
then it can infect your flash drive firmware
which can then infect other computers.
. a Chrome OS device (eg, chromebook)
has verified boot which ensures
(chromebook #ChromeOS #VerifiedBoot)
that its firmware has not been reprogrammed;
so, your USB flash drive 's best chance of
permanently being free from infections
is if you store your data in the cloud, such as on “drive.google.com”
then reboot your chromebook,
then download data from the cloud onto your flash drive;
then don't use that flash drive on another computer
except another rebooted chromebook.
. also, don't open any files or use the internet
while the flash drive is connected.
. but there might vulnerabilities in
the Chrome OS files.app thumbnail generator
so I simply don't rely on flash drives.
. since having my Apple imac infected by
(#Apple #iMac #badBIOS #malware)
BadBIOS firmware infecting malware,
(#badBIOS @dragosr vs Mac, Linux and PC)
I do all my internet work on a chromebook,
and keep my data on google drive,
plus I keep local backups on flash drive
but I haven't actually tested that yet (dread).
. my Windows pc uses internet very little,
just for updates and software installs,
and pulling in some data from
Microsoft's free cloud storage “onedrive.live.com”.
. some believe the deep state designed it this way
because they want us to store data in the cloud
so it is easier for them to do anti-terrorism surveillance,
because getting a warrant for online data
is much easier than for local data.
. when the media has said that malware is
so sophisticated it must have been state-sponsored,
they really mean the hackers actually needed
state power to pry secrets from private companies
that allow them know about or cause vulnerabilities
and know how to reprogram all firmware.
David Schneider 2014:
USB Flash Drives Are More Dangerous
Than You Think.
Security Research Labs in Berlin wrote
(Overview - BadUSB Exposure - SRLabs Open Source Projects)
“BadUSB—On accessories that turn evil.”
(Black Hat USA 2014)
which says that not flash drives
but many other types of USB peripherals
can spread malware because
they incorporate USB-controller chips
that themselves can be reprogrammed
to infect other firmwares on the computer
or in its other peripherals.
. there is really no way to protect against such attacks
until the manufacturers of USB devices
engineer their products so the USB-device firmware
simply cannot be modified
or so that modification requires some
concrete action from the user
—a button push or temporary jumper placement.
IBM Jon Larimer 2011:
Beyond Autorun: Exploiting
vulnerabilities with removable storage
There's a lot of code that runs between
the USB drivers and the desktop software
that renders icons and thumbnails for files,
providing hackers with a rich landscape of
potentially vulnerable software to exploit.
. in 2008 the U.S. Strategic Command
banned all removable storage devices,
including floppy disks and USB drives.
[Shachtman, Noah. 2008:
Under Worm Assault, Military Bans Disks, USB Drives.]
Finally, in 2010, the Stuxnet worm was discovered
using a vulnerability in the Windows
LNK file shell icon handler
to infect PCs from USB devices, even with AutoRun disabled.
The vulnerability allowed the execution of an
arbitrary DLL file on a removable storage device
without relying on the AutoRun feature.
What is important to understand is
the reason this vulnerability exists
– because Windows (and other operating systems)
will render custom icons for certain files
when displaying them in a folder on the desktop.
The custom icon code will sometimes parse file content
in order to determine what icon to display
and a malicious file can exploit a vulnerability
in that icon handling code.
. there are many features in both Windows and Linux
that parse untrusted content present on USB drives,
even with minimal or no user interaction,
the threat posed by these devices is greater than many people think.
Exploit mitigation technologies developed by OS vendors
definitely raise the bar for exploit writers,
but they aren't 100% effective.
David Kushner 2013:
The Real Story of Stuxnet.
Stuxnet was a worm (spreads on its own),
that compromised some sort of firmware:
programmable logic controllers.
The LNK [a file shortcut in Microsoft Windows]
vulnerability was used to spread via USB sticks.
The shared print-spooler vulnerability
was used to spread in networks with shared printers,
which is extremely common in
Internet Connection Sharing networks.
Flame malware was spreading through
Microsoft-encrypted Windows updates;
that is more significant than Flame itself,
because it broke world-class encryption.
Georgina Enzer 2011:
(There will be more attacks like Stuxnet: ArcSight)
Dr Prescott B Winter, CTO Public Sector for ArcSight
says attacks such as the Stuxnet worm
are likely to happen again.
Admiral Mike McConnell who is the
2011 director of National Intelligence
and before that was the director of NSA
said ‘Yes we are in a cyber-war
and we are losing'.
The use of USB keys[flash drives] with malware
was also the cause of the cyber-attack on the
Defense Dept in Afghanistan in the Fall of 2008.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment