Insecure USB drive or data, how to be safe?

I was thinking about danger of unknown usb drive, how do you deal with it?
I do noy mean an usb found somewere, but the tipical case where a friend give his usb with photos documents for example
We are all there because we care of privacy and security, and even if friends know it, usually they do not care too much, so this pendrive coult be a kind of drive used for 10 years in 1000 unknown computers
I feel this situation a big threat and i whould like to find a solution, i know about circlean raspi sanitizer and this is an option but a little freak one, just because imagine your sister bring you an usb and instead connect it to your pc you connext on your raspberrypi, i think she coud get ungry “don’t you trust me and blablabla”

A virtual machine could be a solution but i don’t know how much effective is because when you insert the usb drive is connected firt on your pc, and eveb if you disable automount a malicious dribe could make something dangerous (or not? I m not shure)

I’m looking for suggestion and to talk about this critical topic, what do you think and what do you do?

1 Like

Personally I don’t worry about it, but then we don’t have things like autorun/autoexec on mount in GNOME as far as I know (or at least not enabled by default), so unless a USB drive is infected in a way specifically to exploit a Linux kernel vulnerability or GVFS or Nautilus or udev/HAL/etc., I don’t think it’s currently a very high-profile and widespread issue (if at all). Maybe others in this forum know more than me on the matter, I’d be curious to know.

If you’re worried about these things, besides handing your own “known good / freshly formatted” USB key (and presuming it wouldn’t get instantly infected by a nation-state-style thing, which kinda sounds unlikely when you’re dealing mainly with friends/family for vacation photos…), this might be a case where you want to be running QubesOS for additional isolation, at the cost of convenience and usability…

in the big brother era, i do not trust even to family usb, not because of family, but because for some nation and big corps, is easy and lucrative
in a world made of people who install everything on their pc and smartphone, in a world where people are on socials and share everything, nations and big corps think are not enough and install spyware and backdoor inside drivers, firmwares, and even inside cpu.
i could understant it in a world where the average user is someone who use only free software and avoid any kind of social, but the “bad guys” do it in a world of dumb users
that’s why i’m starting to no trust nothing do not belong to me, and onestly i whould like to have devices with open firmware, becuase i can’t know what’s inside my ssd, my external hd or usb, and possible even more important the input devices as keyboard, mouse and trackball
just a bit offtopic, but i think this could be and interesting path for purism


how to be safe ? build or pay someone else to build a usb drive with a display that show each and every hidden file on it and everything that has changed since the last insertion together with harware logs and verified signatures. 100%. if you can verify all this information before it is attached to the main hardware then there is no risk.

Worth reading:

I think the easiest way would be to have a second OS on the same computer which you browse the files on then plug it into the computer whilst running the main os. Tbh a better method is self-hosting next loud and not using usb’s

thats what sandboxes are for…u safely take the risk out of exposing ur machine/VM,better yet, it should be isolated in a VM in a sandbox… untrusted zone… then u can have a look and if there is some malicious files scape the VM And spin up another! thats the point of Qubes-Whoonix-Tor Security-Privacy-anonymity!

I find that security is a rabbit hole, infinitely deep. So the question is how far do you want to go down it? How far is deep enough and beyond is just pure paranoia?

The best way to handle this is also the hardest. Learn about the technologies involved and their exploits. Go from there because how can you REALLY know your secure, if you’re don’t even understand the methods of ensuring it?

Otherwise it is simply a question of who do you trust?

I asked a related question about the Librem 5 specifically. The threat isn’t going to come from the files on the USB drive. Don’t execute anything on the drive and you’ll be pretty safe as far as that goes, assuming no kernel errors or similar. The problem is if the firmware of the USB drive itself is compromised (which is easy to do). A compromised USB drive can pretend to be a keyboard/mouse, or a network card, or any number of other peripherals. As a fake keyboard, it can pop up a 1x1 px terminal in the corner and run any commands it wants. As a fake network card, it can set your default route through it, and snoop on all your network traffic.

There is a solution to the problem, called usbguard, which makes USB devices require whitelisting similarly to how bluetooth pairing works. The downside is most people use a USB keyboard, so getting usbguard set up and configured can be a challenge. It also doesn’t prevent a rogue peripheral from doing bad things during the boot process before usbguard comes online.

This is where the USB security key the sell in conjunction with coreboot and heads would come in. Not sure if such a thing is possible on the Librem 5. Would be awesome if it booted using coreboot and heads as well.

REALLY? segmentation/isolation with cpu parameters allowing specs… to optimize OS: but always succeptable to upgrades in OS but ALL OS’s are as are the systems they are hosted on! But since I CS was only one of my three minors I here to learn and seek a better solution! Having some trying to kill you and destroy >$100,000 worth equipment, medical devices, HDTV, SUV via remote access! I think we have a larger issue than just security& privacy… but our fundamental freedom. So please enlighten everyone! Thanks in advance.