Ah the post information ages' version of "stone in letterboxes/dynamite". I'm amazed.
nice, format them in a controlled environment and you got your self a free stick
[QUOTE=Saxon;51084101]nice, format them in a controlled environment and you got your self a free stick[/QUOTE]It's not worth the risk, in my opinion.
[QUOTE=Reflex F.N.;51084222]Not worth the risk, in my opinion.[/QUOTE]
Why not?
[QUOTE=Xyrec;51084249]Why not?[/QUOTE]
More than likely they're tiny.
[QUOTE=Xyrec;51084249]Why not?[/QUOTE]What if the malware is in the USB's firmware? Formatting it won't help there.
It appears that the attackers have gone to great lengths to buy and distribute a large amount of USBs. I don't think it's far-fetched to assume that they may have done something to the USB devices' firmware.
I just googled what I am saying to make sure that I am not typing nonsense, and I came accross this article that provides a real example of malware that is written to a USB's firmware.
I don't know how credible the source of this article is, but I read it and it seems good. But this isn't the first time I read about malware written into a USB's firmware; this is just the first article that came up when I googled "USB firmware and malware".
[URL]https://www.wired.com/2014/07/usb-security/[/URL]
Assuming these are just cheap 1gb drives anyway, why bother going through the effort of formatting them when they sell for like $2.
I know someone who got one of these in the mail. I'll take an image of it and provide it if anyone is interested.
[QUOTE=DogGunn;51084432]I know someone who got one of these in the mail. I'll take an image of it and provide it if anyone is interested.[/QUOTE]
Give me some inside info, I'd love to see the real world example.
I'll post it up in this thread when I get a chance to grab it. Hopefully tomorrow.
[QUOTE=DogGunn;51084514]I'll post it up in this thread when I get a chance to grab it. Hopefully tomorrow.[/QUOTE]
I'd boot up a linux liveusb before you look inside, it could potentially try and spread on OSX
[QUOTE=Reflex F.N.;51084351]What if the malware is in the USB's firmware? Formatting it won't help there.
It appears that the attackers have gone to great lengths to buy and distribute a large amount of USBs. I don't think it's far-fetched to assume that they may have done something to the USB devices' firmware.
I just googled what I am saying to make sure that I am not typing nonsense, and I came accross this article that provides a real example of malware that is written to a USB's firmware.
I don't know how credible the source of this article is, but I read it and it seems good. But this isn't the first time I read about malware written into a USB's firmware; this is just the first article that came up when I googled "USB firmware and malware".
[URL]https://www.wired.com/2014/07/usb-security/[/URL][/QUOTE]
Thats a pretty clickbaity article. Manipulating the USB firmware of the device isn't as ~dangerous~ as it sounds, pretty much all you can do is have it show up as a keyboard, mouse, ethernet adapter, etc, things you'll be able to near-immediately notice changes happen with.
[editline]21st September 2016[/editline]
In short: malicious USB drives aren't really so malicious to the point where you wouldn't notice something happening first.
[QUOTE=Map in a box;51085446]Thats a pretty clickbaity article. Manipulating the USB firmware of the device isn't as ~dangerous~ as it sounds, pretty much all you can do is have it show up as a keyboard, mouse, ethernet adapter, etc, things you'll be able to near-immediately notice changes happen with.
[editline]21st September 2016[/editline]
In short: malicious USB drives aren't really so malicious to the point where you wouldn't notice something happening first.[/QUOTE]
[QUOTE=lavacano;51085939]you'd have to go to some great lengths and make some great strides in electrical engineering to bake an attack like that into the firmware
it's way easier to just build some nasty binaries and reference them in autorun.inf[/QUOTE]
Oh, all right.
Thank you very much for explaining and clarifying things for me. :smile:
I apologize for posting misinformation.
[QUOTE=Reflex F.N.;51084351]What if the malware is in the USB's firmware? Formatting it won't help there.
It appears that the attackers have gone to great lengths to buy and distribute a large amount of USBs. I don't think it's far-fetched to assume that they may have done something to the USB devices' firmware.
I just googled what I am saying to make sure that I am not typing nonsense, and I came accross this article that provides a real example of malware that is written to a USB's firmware.
I don't know how credible the source of this article is, but I read it and it seems good. But this isn't the first time I read about malware written into a USB's firmware; this is just the first article that came up when I googled "USB firmware and malware".
[URL]https://www.wired.com/2014/07/usb-security/[/URL][/QUOTE]
you'd have to go to some great lengths and make some great strides in electrical engineering to bake an attack like that into the firmware
it's way easier to just build some nasty binaries and reference them in autorun.inf
[IMG]http://i.imgur.com/orI4RFr.png[/IMG]
sounded way scarier
So I had a look at the USB, but it was completely uninitiated as far as I could tell. It had nothing on the partition table, when I looked at it in gparted.
Not 100% sure if it was one of those USBs, but it looked similar.
Only 2GB. I just formatted it, and gave it back and said if you really want to use it, here (but its useless) - I doubt its firmware is infected, that would be stupidly time consuming.
It probably won't be far from now, before someone starts to send around those USB kill sticks.
Sorry, you need to Log In to post a reply to this thread.
