39

The safest option is obvious, don't try to access its contents, but if you absolutely had to, what steps would you take to minimize/contain any potential harm to your device/network?

all 26 comments
sorted by: hot top controversial new old
[-] schizo@forum.uncomfortable.business 32 points 2 months ago

A computer I don't like very much, booted into some sort of Linux live environment, and zero network connectivity to anything: physically disabled if at all possible (like I mean a switch, not prying your wifi chipset out or whatever).

[-] seaQueue@lemmy.world 19 points 2 months ago

Linux live USB, plug the drive into a sacrificial hub that can eat a bus kill if needed

[-] watersnipje 5 points 2 months ago

A what that can eat a what?

[-] reddeadhead@awful.systems 8 points 2 months ago

I think something to protect against this https://usbkill.com/products/usbkill-v4

[-] BaroqueInMind@lemmy.one 5 points 2 months ago

They mean the USB bus. But killing the bus is a driver-level thing that the kernel controls, not the user. You can disable the port with CLI commands or a GUI depending on the OS, but killing the bus requires uninstall of the driver or manually shorting the caps directly on the mainboard, which is dumb.

[-] watersnipje 3 points 2 months ago
[-] slazer2au@lemmy.world 18 points 2 months ago

Boot a PC with no hard drives with a live CD so there is no storage to write to. connect the drive and see what there is.

[-] dotdi@lemmy.world 2 points 2 months ago

Hard drives (SSDs, etc) are not the only durable storage that can be written to

[-] Chadus_Maximus@lemm.ee 14 points 2 months ago* (last edited 2 months ago)

I would play it safe and test it on my work PC in case there's anything that can cause trouble.

[-] kaboom36@ani.social 10 points 2 months ago

I'd get a computer from my local ewaste center, strip any wireless functionality from it, load it with Linux, and use that

[-] bdonvr@thelemmy.club 9 points 2 months ago* (last edited 2 months ago)

Boot a Linux livecd on a computer with storage unattached. Connect USB through a hub.

[-] ShinkanTrain@lemmy.ml 8 points 2 months ago

Throw it into the fires that forged it

[-] Nomad@infosec.pub 8 points 2 months ago

Rpi, fresh Linux, offline.

[-] merc@sh.itjust.works 8 points 2 months ago

AFAIK computers with normal setups won't auto-run anything on a flash drive you insert. At most they'll prompt you to ask if you want to run something. (Say no.)

So, it's pretty safe to look at what files exist on the flash drive. Then you just have all the various exploits that exist with unknown files. Obviously, don't run any executables on the drive. Don't double-click on anything that looks like it's a document (say PDF or word doc) because it might not be. To be extra safe, even if it is actually a PDF or word document, don't open in the standard program (word or acrobat) because there's a slight chance it might be an actual PDF that exploits an unpatched vulnerability in that program.

If I work in Iran's nuclear program, and found this flash drive on the ground outside, I'd be a lot more cautious and maybe do some of these extremely paranoid things people here are suggesting. But, if Aunt Jenny was just over for a visit and I found a flash drive in the hallway near her room and want to check to see if it might be hers, it's probably safe just to insert the drive take a quick look and not click on anything.

[-] aard@kyu.de 23 points 2 months ago

The problem is - is it just a mass storage device? Or is it maybe also a USB keyboard that will try to enter some payload? Or maybe it even contains a radio, and can communicate with an attacker nearby?

You can't tell from the outside which protocols a USB device implements.

You can fit all of that functionality into the space of a USB-A plug - so if it is a thumbdrive you have way more space to work with than you ever need.

At minimum restrict your computer to only loading mass storage drivers - but as you quite likely habe USB input devices it is just a lot easier to investigate such a device on something like a raspberry pi.

[-] merc@sh.itjust.works 6 points 2 months ago

Or, maybe it's a tiny thermonuclear device cleverly disguised as a flash drive. Or, it might be a living, breathing creature that has evolved to mimic the look and feel of a flash drive but will detach itself from the computer and attack you at night while you're asleep.

If you're working with the Men In Black, you might have to consider these things. For the average person, it's almost certainly just a flash drive and you can take reasonable precautions and be more than reasonably safe.

[-] shalafi@lemmy.world 2 points 2 months ago

No lie. Unless it's in a dedicated corporate parking lot, just fucking plug it in. Everybody here acting like they're gonna get Stuxnetted. Yeah guys, we know the possibilities.

[-] merc@sh.itjust.works 2 points 2 months ago

Yeah. If you work for the Men in Black, and you're a regular employee the policy is going to be something like "never under any circumstances plug anything into your PC that hasn't been given to you by MiB IT staff".

If you work for the Men in Black in cybersecurity and your job might involve investigating strange USB drives handed to you by aliens, agents, spies or employees who found one in the parking lot, you probably already have a rigidly documented procedure involving a special air-gapped, locked down computer in a bomb-proof, EM-shielded, dimension-shifted room, and you don't need to ask for advice on Lemmy.

If you work for the Men in Black in cybersecurity and there isn't yet a procedure for investigating strange USB drives handed to you by aliens, agents, spies or employees who found one in the parking lot, and you're somehow in charge of creating such a procedure, you're again probably not going to be posting on Lemmy asking for tips. You're probably going to be doing deep research on various USB and USB-look-alike threat vectors. Then, write a report, have it reviewed and in a decade you'll have an ultra-safe procedure that nobody follows.

For everybody who doesn't work for the Men in Black, just plug it in and take a look, and don't do anything dumb like double clicking on "Really Just A Word.doc.exe".

There are exceptions, like if you have a psycho jealous ex who also happens to be a ruthless hacker. But, that isn't most people, thankfully.

But, this is a cybersecurity forum, and so you're going to get praised for coming up with the most outlandish possible threat vector, and the most complex and inconvenient way to counter it. Suggesting normal levels of precaution is going to get shouted down because it implies that that person isn't knowledgeable about the vaguely possible incredible threat vectors that you can prove your worth by showing you know all about.

[-] Hamartiogonic@sopuli.xyz 1 points 2 months ago

That keyboard thing was pretty clever. I would not have thought of that.

[-] kid@sh.itjust.works 7 points 2 months ago

You can use https://tails.net/ booting from another flash drive in memory only.

[-] mokancan@infosec.pub 5 points 2 months ago

Take it to the library and plug it into one of their computers.

[-] folekaule@lemmy.world 35 points 2 months ago

Please don't do this. People working at libraries aren't paid enough to deal with that bullshit.

[-] Oisteink@lemmy.world 11 points 2 months ago

We pxe boot into a custom live diskless distro that reboots after use. The network these live in is hardened.

Don’t enable usb on public computers you are not prepared to protect

[-] folekaule@lemmy.world 17 points 2 months ago

I don't. I don't work for a library, but judging from my local library branch, they don't have the funding to retain competent IT staff. This isn't about what they could or should do. It's about not being an asshole to people that are already barely hanging on with what they have.

[-] mokancan@infosec.pub 1 points 2 months ago

Am librarian. It’s ok. Nothing is going to sneak out into the wild from that USB. People plug USBs into our computers every day that are probably way worse than anything you pick up on the street.

this post was submitted on 02 Sep 2024
39 points (100.0% liked)

Cybersecurity

5742 readers
64 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !cybersecurity@lemmy.capebreton.social !securitynews@infosec.pub !netsec@links.hackliberty.org !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 1 year ago
MODERATORS