Insecure USB drive or data, how to be safe?


I was thinking about the danger of unknown USB drives; how do you deal with it?
I do not mean a USB found somewhere, but the typical case where a friend gives you his USB with photos or documents, for example.
We are all here because we care about privacy and security, and even if friends know it, usually they do not care too much, so this pendrive could be a kind of drive used for 10 years in 1000 unknown computers.
I feel this situation is a big threat and I would like to find a solution. I know about the CIRCLean raspi sanitizer and this is an option, but a little freaky one, just because imagine your sister brings you a USB and instead of connecting it to your PC you connect it to your Raspberry Pi; I think she could get angry: “don’t you trust me and blablabla”

A virtual machine could be a solution, but I don’t know how effective it is, because when you insert the USB drive it is connected first to your PC, and even if you disable automount a malicious drive could do something dangerous (or not? I’m not sure)

I’m looking for suggestions and to talk about this critical topic; what do you think and what do you do?


Personally I don’t worry about it, but then we don’t have things like autorun/autoexec on mount in GNOME as far as I know (or at least not enabled by default), so unless a USB drive is infected in a way specifically to exploit a Linux kernel vulnerability or GVFS or Nautilus or udev/HAL/etc., I don’t think it’s currently a very high-profile and widespread issue (if at all). Maybe others in this forum know more than me on the matter, I’d be curious to know.

If you’re worried about these things, besides handing your own “known good / freshly formatted” USB key (and presuming it wouldn’t get instantly infected by a nation-state-style thing, which kinda sounds unlikely when you’re dealing mainly with friends/family for vacation photos…), this might be a case where you want to be running QubesOS for additional isolation, at the cost of convenience and usability…


In the big brother era, I do not trust even a family USB, not because of family, but because for some nations and big corps it is easy and lucrative.
In a world made of people who install everything on their PC and smartphone, in a world where people are on socials and share everything, nations and big corps think it is not enough and install spyware and backdoors inside drivers, firmware, and even inside the CPU.
I could understand it in a world where the average user is someone who uses only free software and avoids any kind of social, but the “bad guys” do it in a world of dumb users.
That’s why I’m starting to not trust anything that does not belong to me, and honestly I would like to have devices with open firmware, because I can’t know what’s inside my SSD, my external HD or USB, and possibly even more important, the input devices such as keyboard, mouse and trackball.
Just a bit off-topic, but I think this could be an interesting path for Purism.


How to be safe? Build or pay someone else to build a USB drive with a display that shows each and every hidden file on it and everything that has changed since the last insertion, together with hardware logs and verified signatures. 100%. If you can verify all this information before it is attached to the main hardware then there is no risk.
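
As an added example (not part of the original posts): the file-level part of the check described above, listing hidden files and everything that changed since the last insertion, done in software on an already mounted drive. The function names, the dot-prefix definition of "hidden" and the sample files are assumptions; it covers file contents only, not hardware logs, signatures or the drive's firmware.

```python
import hashlib
import os
import tempfile

def file_digest(path):
    """SHA-256 of a file; a symlink is hashed by its target string, never followed."""
    if os.path.islink(path):
        return hashlib.sha256(b"symlink:" + os.fsencode(os.readlink(path))).hexdigest()
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root):
    """Map each file under root (relative path) to its digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):  # symlinked directories are not descended into
        for name in files:
            full = os.path.join(dirpath, name)
            manifest[os.path.relpath(full, root)] = file_digest(full)
    return manifest

def diff_manifests(old, new):
    """Compare the manifest saved at the previous insertion (old) with the current one."""
    return {
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
        "changed": sorted(p for p in new if p in old and new[p] != old[p]),
        "hidden": sorted(p for p in new if any(s.startswith(".") for s in p.split(os.sep))),
    }

def demo():
    with tempfile.TemporaryDirectory() as drive:  # constructed sample standing in for the drive
        def write(rel, data):
            path = os.path.join(drive, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        write(os.path.join("photos", "beach.jpg"), b"constructed-jpeg")
        write("notes.txt", b"v1")
        before = build_manifest(drive)  # state recorded at the previous insertion
        write("notes.txt", b"v2")  # edited on another computer
        write(os.path.join(".cache", "run.sh"), b"#!/bin/sh\n")  # new hidden file
        os.remove(os.path.join(drive, "photos", "beach.jpg"))
        return diff_manifests(before, build_manifest(drive))

if __name__ == "__main__":
    print(demo())
```

In practice the `old` manifest would be saved somewhere off the drive (for example as JSON on the host) so the drive cannot rewrite its own baseline.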


Worth reading:


I think the easiest way would be to have a second OS on the same computer which you browse the files on, then plug it into the computer whilst running the main OS. Tbh a better method is self-hosting Nextcloud and not using USBs