Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-30-2013, 02:09 PM   #1
Senior Member
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 491Reputation: 491Reputation: 491Reputation: 491Reputation: 491
Do USB sticks pose a security threat ?

Here's a list of some slashdot articles mentioning malware distributed using USB sticks:

There are plenty more, but I think that may be enough for now. I think it is pretty clear that USB sticks are a great way to distribute malware. Note that one of the articles even mentions Linux as being the target of one of these malware because of autorun features. Now, I do use Linux, but I don't have any autorun enabled. However, I am still concerned that USB sticks perhaps should be avoided altogether. There are always alternatives to using USB sticks, such as using a network-based data transfer or internet-based file sharing.

My other concern is that flash media contains a lot of inaccessible code running as firmware that a recent article suggests could be used for man-in-the-middle attacks:
Although the article mentions SD cards, all flash media have microcontrollers embedded in them, and the firmware can be updated by anyone as long as they know how to do it. Here's one example of what can be done by hacking the firmware:

I think that USB sticks do pose a threat and I no longer use them. My question is, can using SD cards and a card reader pose a threat ? Say I want to get pictures off a digital camera. I can use gphoto2 or use a card reader, which one is safer ?
Old 12-30-2013, 03:56 PM   #2
Registered: Mar 2008
Posts: 18,557

Rep: Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778Reputation: 2778
Sticks could cause a risk when transferred from computer to computer.

Any media in any mounted form is equal as long as the OS has equal rules.

To prevent issues, use best practices.

Best practices are a large number of steps that help reduce exposure to this. One might be to limit use of usb. On top of that is making the system more hardened and push user rights to the most basic needed. Some distro's don't allow a common user to mount a usb. Learn and use as many best practices as you can.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] "read-only filesystem" error on USB sticks = bad sticks? newbiesforever Linux - General 4 09-26-2013 05:33 PM
Users with 'nologin' shell ! Can it pose any security threat ? zama Linux - Software 1 06-11-2013 03:27 AM
LXer: Schneier: government, big data pose bigger Net threat than criminals LXer Syndicated Linux News 0 02-25-2012 08:50 AM
BlackBerrys pose 'security risk' say UAE authorities Jeebizz Linux - News 0 07-26-2010 09:40 AM
Exactly what kind of threat does Microsoft pose to Linux? FlGator81 General 15 12-04-2008 08:18 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:43 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration