How to know if USB pendrive firmware is compromised and is spying on your system?
Hello guys
I am a newbie in Linux, so be patient and understanding please.
I have read many articles about firmware inside USB pendrives that could actually be an exploit that could act as a trojan or backdoor and be able to monitor your system activities and take control over it.
I read that MI5 in the UK have actually detected this in gift pendrives given to businessmen in China.
My main concern is if some vendors could be working with governments and spy networks to spy on the population and on businesses.
So, as I don't trust the government, I would like to know if there is a way to monitor peripherals for suspect behaviour.
What security software would you recommend?
What kind of connections should I be paying attention to the most?
Any guidelines and directions would be really appreciated.
I personally think that most computers have backdoors and exploits in the hardware itself, especially the Intel machines, whose brand name kind of says it all (Intel as Intelligence).
Maybe I am too paranoid, but it would be great if the open hardware community could launch a crowdfunded or crowdsourced initiative to assess the security of hardware.
Maybe a study has been done by the open hardware community already that I am not aware of?
Do you work for a governmental operation or someone that keeps secrets for the government, or a company that can produce weapons of mass destruction, or even a little bit of destruction, or have sensitive material or access to sensitive material that can influence the general public?
Are you a member of the Communist party or have any affiliations with the Communist party, such as having even worked for PepsiCo (PEP), Procter & Gamble, McDonald's, Mondelez International, General Motors, Johnson & Johnson, Cargill, Alcoa, and General Electric (GE), which have an existing presence in RUSSIA?
Spyware-type pen drives usually employ U3 technology with small, normally hidden partitions. Access to some of these partitions requires input of a 32-bit key which only the manufacturer knows.
Quote:
Maybe I am too paranoid
Install mmc-utils and have a look at your pen drive; here is a Debian manual page for a little reading.
After installing mmc-utils, run the fdisk -l command and the hidden partitions should show up as devices. You can also run the command below, and if it coughs up an error saying extcsd data don't exist, it won't spy on you. Replace the device name with whatever fdisk calls your pen drive.
Code:
mmc extcsd read /dev/mmcblk0
Last edited by Brains; 02-13-2018 at 04:02 PM.
Reason: Added info
There have been many ways to deploy USB-based malware. Usually the target has to be known. Making malware for Windows won't generally work on other OSes.
Generally, buy new from mainstream places. Configure your system to be up to date and run with the least privileges needed.
You can get a pretty good idea from looking at what system messages are generated when you insert the device. If you see messages about something other than a mass storage device, that could indicate a problem. The output from lsusb will also show what each device claims to be.
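
The check described in the last reply, as an added example that is not part of the original thread: it reads the interface classes each device declares in sysfs (the same descriptors lsusb prints) and marks any device that declares mass storage together with another class, such as a keyboard (HID). The function names `class_name` and `usb_iface_report` are this example's own, and the result only reflects what a device reports about itself at the time of the scan.

```shell
#!/bin/sh
# Added example (not from the thread): report the interface classes every USB
# device declares, and mark devices that pair mass storage with another class.

# Translate a bInterfaceClass value (two hex digits) into a readable name.
class_name() {
    case "$1" in
        01) echo audio ;;
        02) echo cdc-control ;;
        03) echo hid ;;
        08) echo mass-storage ;;
        09) echo hub ;;
        0a) echo cdc-data ;;
        0e) echo video ;;
        e0) echo wireless ;;
        ff) echo vendor-specific ;;
        *)  echo "class-$1" ;;
    esac
}

# Print "<bus-port> <vendor:product> <classes> <verdict>" for each device.
# $1 is the directory to scan; it defaults to the kernel's sysfs USB view.
usb_iface_report() {
    root="${1:-/sys/bus/usb/devices}"
    for dev in "$root"/*; do
        # Only device directories carry idVendor; skip interface entries.
        [ -f "$dev/idVendor" ] || continue
        classes="" storage=0 other=0
        for cls_file in "$dev"/*:*/bInterfaceClass; do
            [ -f "$cls_file" ] || continue    # glob matched nothing
            cls=$(cat "$cls_file")
            classes="${classes:+$classes,}$(class_name "$cls")"
            if [ "$cls" = 08 ]; then storage=1; else other=1; fi
        done
        verdict=ok
        # A storage stick that also declares a keyboard or network interface
        # is worth a closer look before it is trusted.
        if [ "$storage" = 1 ] && [ "$other" = 1 ]; then verdict=REVIEW; fi
        echo "${dev##*/} $(cat "$dev/idVendor"):$(cat "$dev/idProduct") ${classes:-none} $verdict"
    done
}

usb_iface_report "$@"
```

Run it once before plugging the stick in and once after, then compare the two listings. REVIEW is a prompt to inspect the device, since some legitimate composite devices also declare storage alongside other interfaces.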