LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-30-2013, 01:09 PM   #1
metaschima
Senior Member
 
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982

Rep: Reputation: 491Reputation: 491Reputation: 491Reputation: 491Reputation: 491
Do USB sticks pose a security threat ?


Here's a list of some slashdot articles mentioning malware distributed using USB sticks:
http://it.slashdot.org/story/13/11/0...to-communicate
http://hardware.slashdot.org/story/1...ugh-usb-drives
http://it.slashdot.org/story/11/12/0...-carry-malware
http://linux.slashdot.org/story/11/0...-against-linux
http://it.slashdot.org/story/10/07/1...-windows-scada
http://it.slashdot.org/story/10/07/0...rs-usb-devices
http://yro.slashdot.org/story/13/12/...obbery-of-atms
http://it.slashdot.org/story/12/07/0...in-parking-lot

There are plenty more, but I think that may be enough for now. I think it is pretty clear that USB sticks are a great way to distribute malware. Note that one of the articles even mentions Linux as being the target of one of these malware because of autorun features. Now, I do use Linux, but I don't have any autorun enabled. However, I am still concerned that USB sticks perhaps should be avoided altogether. There are always alternatives to using USB sticks, such as using a network-based data transfer or internet-based file sharing.

My other concern is that flash media contains a lot of inaccessible code running as firmware that a recent article suggests could be used for man-in-the-middle attacks:
http://www.bunniestudios.com/blog/?p=3554
Although the article mentions SD cards, all flash media have microcontrollers embedded in them, and the firmware can be updated by anyone as long as they know how to do it. Here's one example of what can be done by hacking the firmware:
http://blog.gsmarena.com/how-do-you-...ke-them-apart/

I think that USB sticks do pose a threat and I no longer use them. My question is, can using SD cards and a card reader pose a threat ? Say I want to get pictures off a digital camera. I can use gphoto2 or use a card reader, which one is safer ?
 
Old 12-30-2013, 02:56 PM   #2
jefro
Moderator
 
Registered: Mar 2008
Posts: 16,873

Rep: Reputation: 2488Reputation: 2488Reputation: 2488Reputation: 2488Reputation: 2488Reputation: 2488Reputation: 2488Reputation: 2488Reputation: 2488Reputation: 2488Reputation: 2488
Sticks could cause a risk when transferred from computer to computer.

Any media in any mounted form is equal as long as the OS has equal rules.

To prevent issues, use best practices.

Best practices are a large number of steps that help reduce exposure to this. One might be to limit use of usb. On top of that is making the system more hardened and push user rights to the most basic needed. Some distro's don't allow a common user to mount a usb. Learn and use as many best practices as you can.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] "read-only filesystem" error on USB sticks = bad sticks? newbiesforever Linux - General 4 09-26-2013 04:33 PM
Users with 'nologin' shell ! Can it pose any security threat ? zama Linux - Software 1 06-11-2013 02:27 AM
LXer: Schneier: government, big data pose bigger Net threat than criminals LXer Syndicated Linux News 0 02-25-2012 07:50 AM
BlackBerrys pose 'security risk' say UAE authorities Jeebizz Linux - News 0 07-26-2010 08:40 AM
Exactly what kind of threat does Microsoft pose to Linux? FlGator81 General 15 12-04-2008 07:18 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration