LinuxQuestions.org
Old 02-13-2018, 01:13 PM   #1
hex666
LQ Newbie
 
Registered: Feb 2018
Location: spain
Distribution: lubuntu
Posts: 1

Rep: Reputation: Disabled
How to know if usb pendrive firmware is compromised and is spying on your system?


Hello guys

I am a newbie in Linux so be patient and understanding please.

I have read many articles about firmware inside usb pendrives, that could actually be an exploit that could act as a trojan or backdoor and be able to monitor your system activities and take control over it.

Here is a link to one of those articles.

I read that MI5 in the UK have actually detected this in gift pendrives given to businessmen in China.

My main concern is if some vendors could be working with governments and spy networks to spy on the population and on businesses.

So, as I don't trust the government, I would like to know if there is a way to monitor peripherals for suspect behaviour.

What security software would you recommend?

What kind of connections should I be paying attention the most?

Any guidelines and directions would be really appreciated.

I personally think that most computers have backdoors and exploits in the hardware itself, especially the Intel machines, whose brand name kind of says it all (Intel as in Intelligence).

Maybe I am too paranoid, but it would be great if the open hardware community could launch a crowdfunded or crowdsourced initiative to assess the security of hardware.

Maybe a study has been done by the open hardware community already that I am not aware of?

I hope someone can answer

Thank you


Last edited by hex666; 02-13-2018 at 01:15 PM.
 
Old 02-13-2018, 01:29 PM   #2
BW-userx
LQ Guru
 
Registered: Sep 2013
Location: MID-SOUTH USA
Distribution: Slackware 14.2 / Slackware 14.2 current / Manjaro
Posts: 6,402

Rep: Reputation: 1239
Do you work for a governmental operation or someone that keeps secrets for the government or a company that can produce weapons of mass destruction, or even a little bit of destruction, or have sensitive material or access to sensitive material that can influence the general public?

Are you a member of the Communist party or have any affiliations with the Communist party such as even worked for PepsiCo PEP Procter&Gamble, McDonald's, Mondelez International, General Motors, Johnson & Johnson, Cargill, Alcoa, and General Electric. GE which have an existing presence in RUSSIA?

Last edited by BW-userx; 02-13-2018 at 01:37 PM.
 
Old 02-13-2018, 03:53 PM   #3
Brains
Member
 
Registered: Apr 2009
Distribution: Debian testing
Posts: 555

Rep: Reputation: 101
Spyware type pen drives usually employ U3 technology with small normally hidden partitions. Access to some of these partitions requires input of a 32-bit key which only the manufacturer knows.
Quote:
Maybe I am too paranoid
Install mmc-utils and have a look at your pen drive, here is a Debian manual page for a little reading.
After installing mmc-utils, run the fdisk -l command and the hidden partitions should show up as devices. You can also run the command below and if it coughs up an error saying extcsd data doesn't exist, it won't spy on you. Replace the device name with that of what fdisk calls your pen drive.
Code:
mmc extcsd read /dev/mmcblk0

Last edited by Brains; 02-13-2018 at 04:02 PM. Reason: Added info
 
Old 02-13-2018, 04:57 PM   #4
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,254

Rep: Reputation: 2728
There have been many ways to deploy USB-based malware. Usually the target has to be known. Making malware for Windows won't generally work on other OSes.

Generally buying new from mainstream places. Configure your system to be up to date and run with the least privileges needed.
 
Old 02-14-2018, 10:11 AM   #5
Habitual
LQ 5k Club
 
Registered: Jan 2011
Location: Yawnstown, Ohio
Distribution: High Sierra
Posts: 9,061
Blog Entries: 37

Rep: Reputation: Disabled
Quote:
Originally Posted by hex666
Maybe I am too paranoid
I think you are.
Reading can be scary, depending on the source and the motive for publication.
Sensationalism is rampant. It drives traffic.

One place I trust is https://krebsonsecurity.com

Frankie says R.E.L.A.X.
 
Old 02-14-2018, 06:20 PM   #6
rknichols
Senior Member
 
Registered: Aug 2009
Distribution: CentOS
Posts: 3,943

Rep: Reputation: 1719
You can get a pretty good idea from looking at what system messages are generated when you insert the device. If you see messages about something other than a mass storage device, that could indicate a problem. The output from lsusb will also show what each device claims to be.
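
Added example (not part of the original post): one way to script the check described above, reading from sysfs the interface classes each USB device declares and marking for review any device that declares mass storage together with another class such as HID. The function names, the REVIEW label and the choice of rule are assumptions of this example; it reports only what the device claims at enumeration time, the same information lsusb shows.

```shell
#!/bin/sh
# Added example: report what each USB device claims to be.
# The sysfs root is a parameter so the check can run on a constructed tree.

class_name() {
    # Map a bInterfaceClass hex code to a readable name (common classes only).
    case "$1" in
        01) echo audio ;;
        02) echo cdc-comm ;;
        03) echo hid ;;
        08) echo mass-storage ;;
        09) echo hub ;;
        0a) echo cdc-data ;;
        e0) echo wireless ;;
        ff) echo vendor-specific ;;
        *)  echo "class-$1" ;;
    esac
}

usb_audit() {
    root=${1:-/sys/bus/usb/devices}
    for dev in "$root"/*; do
        # Device entries carry idVendor; interface entries (names with ':') do not.
        [ -f "$dev/idVendor" ] || continue
        id="$(cat "$dev/idVendor"):$(cat "$dev/idProduct")"
        classes="" storage=no other=no
        # Interfaces of device 1-2 appear as siblings named 1-2:<config>.<iface>.
        for f in "$dev":*/bInterfaceClass; do
            [ -f "$f" ] || continue
            c=$(tr 'A-F' 'a-f' < "$f")
            classes="$classes $(class_name "$c")"
            if [ "$c" = 08 ]; then storage=yes; else other=yes; fi
        done
        [ -n "$classes" ] || continue   # root hubs etc. with no matching interface
        verdict=ok
        # A "pendrive" that also declares a non-storage interface deserves a look.
        [ "$storage" = yes ] && [ "$other" = yes ] && verdict=REVIEW
        echo "$verdict ${dev##*/} $id$classes"
    done
}

usb_audit "$@"
```

Run it before and after inserting the drive and compare the output; a line marked REVIEW is a prompt to look closer, since some legitimate composite devices also declare several classes.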
 
Old 02-17-2018, 04:01 AM   #7
AwesomeMachine
LQ Guru
 
Registered: Jan 2005
Location: USA and Italy
Distribution: Debian testing/sid; OpenSuSE; Fedora; Mint
Posts: 5,176

Rep: Reputation: 945
If the drive has been in your custody at all times, it should be safe.
 
  

