Using trusted USB drives that you own on your up-to-date, well-secured operating system is one thing, but what if your best friend stops by with their USB drive and wants you to copy some files to it? Does your friend’s USB drive pose any risks to your well-secured system, or is it just baseless fear?
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
The Question
SuperUser reader E M wants to know what the dangers of an untrusted USB drive could be:
If you have a system that is up to date and well-secured, are there any risks from an untrusted USB drive if you only plug it in and copy files to it, but do nothing else?
What about if I do this in Linux (say, Ubuntu)? Please note that I’m looking for details of specific risks (if any), not “it would be safer if you don’t do this”.
The Answer
SuperUser contributors sylvainulg, steve, and Zan Lynx have the answer for us. First up, sylvainulg:
Followed by steve:
And our final answer from Zan Lynx:
Bear in mind, I can attach malicious software to pretty much any sort of executable that I want, and for pretty much any OS. With AutoRun disabled you SHOULD be safe, but AGAIN, I don’t trust devices that I am even the slightest bit skeptical about.
For an example of what can do this, check out The Social-Engineer Toolkit (SET).
The ONLY way to truly be safe is to boot up a live Linux distribution with your hard drive unplugged, mount the USB drive, and take a look. Other than that, you’re rolling the dice.
As suggested by others, it is a must that you disable networking. It doesn’t help if your hard drive is safe and your whole network gets compromised.
As you can see from the answers above, there is always a possibility of risk to your system’s security, but it will depend on who (or what) has had access to the USB drive in question.
Some of the file system drivers are not bug-free, which means that a hacker could potentially find a bug in, say, squashfs, minix, befs, cramfs, or udf. Then the hacker could create a file system that exploits the bug to take over a Linux kernel and put that on a USB drive.
This could theoretically happen to Windows as well. A bug in the FAT, NTFS, CDFS, or UDF driver could open up Windows to a takeover.
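On Linux, the filesystem-driver risk described above can be reduced by keeping rarely used filesystem modules from loading at all. The script below is an added example, not part of the original thread: it checks a modprobe configuration directory for `install <module> /bin/true` or `/bin/false` overrides covering the drivers named above and prints the lines that are still missing. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original thread): report which rarely needed
# filesystem drivers still lack a modprobe "install" override.

# Drivers named in the answer above; trim this to what you really do not use.
FS_LIST="squashfs minix befs cramfs udf"

# fs_disabled NAME DIR: succeeds if any *.conf file in DIR maps loading of
# module NAME to /bin/true or /bin/false, so modprobe will not load it.
fs_disabled() {
    name=$1 dir=$2
    for conf in "$dir"/*.conf; do
        [ -f "$conf" ] || continue
        # Commented-out lines do not match because of the ^ anchor.
        if grep -Eq "^[[:space:]]*install[[:space:]]+$name[[:space:]]+/(usr/)?bin/(true|false)([[:space:]]|\$)" "$conf"; then
            return 0
        fi
    done
    return 1
}

# audit_fs DIR: print the drivers from FS_LIST that DIR does not disable,
# one per line.
audit_fs() {
    dir=$1
    for fs in $FS_LIST; do
        fs_disabled "$fs" "$dir" || echo "$fs"
    done
}

# suggest_conf DIR: print the modprobe.d lines that would disable the rest.
suggest_conf() {
    for fs in $(audit_fs "$1"); do
        echo "install $fs /bin/false"
    done
}

# Runs only when a directory is given, for example:
#   sh fs_audit.sh /etc/modprobe.d
if [ $# -gt 0 ]; then
    suggest_conf "$1"
fi
```

An `install` override only affects drivers built as loadable modules; a driver compiled into the kernel stays available regardless of this configuration.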