airgap icon indicating copy to clipboard operation
airgap copied to clipboard

Published 20 hours ago verified publisher icon defuse

BadUSB --> Use CDs?

Open defuse opened this issue 10 years ago • 2 comments

http://www.wired.com/2014/07/usb-security/

In summary:

  • A USB stick's firmware can be malicious and take control of the system.
  • Malware on a system can install the malicious firmware onto a USB (no physical access needed)

So, this means a USB stick is not suitable for transferring information from GapProxy to AirGap. What do we do now? Do we stick a second CD burning drive (optionally an external USB one) in both GapProxy and AirGap?

defuse avatar Jul 31 '14 16:07 defuse

See here: https://twitter.com/thegrugq/status/494921302256275457

Seems that's the solution.

ghost avatar Aug 01 '14 04:08 ghost

More from @thegrugq https://twitter.com/thegrugq/status/495066067195023361

"The process requires the destruction of the CD-R after use."

IOW one CD-R (Or DVD-R) for each communication, then destroy them.

I was thinking about saying to archive them for future analysis, but destruction makes them a lot harder to reuse.

defuse avatar Aug 01 '14 04:08 defuse