4

I have a primary-school-aged daughter who needs to bring a presentation to school. Classmates are bringing their presentations on a thumb drive, but I have some security concerns. (One, two, etc etc)

I don't want to buy a new throwaway thumb drive every time she needs to bring a presentation with her, and moreover I don't trust a pre-teen to remember to dispose of a "dirty" thumb drive properly every time, or go through an ornate sanitization procedure that probably involves a trip through a standalone Raspberry Pi or some such. The point is, I need a child-proof solution that minimizes the chances of the drive being infected by the (probably compromised) system at school.

I'd like to implement the solution using equipment I already have, but could buy a dedicated "safe for school" device as a one-off if need be. Alternately, I think the school machine is Internet-connected, so suggestions for an online method of transferring data could work, as long as she wouldn't need to log into a sensitive account (because, again, I'd assume the system is likely compromised).

James B
  • How about making the stick read only using diskpart http://www.getusb.info/how-to-make-a-usb-read-only/ – iainpb Mar 18 '17 at 17:08
  • 1
    I'm not trying to be *too* paranoid but I figure if I can set it as "read only" in software then surely any moderately-competent malware could un-set the same bit. If I can find a full-sized SD card I could set the hardware read-only switch on that, and send her to school with a USB reader -- I'm not sure we have any left in the house, and I've found that those switches tend to (un)set themselves during normal handling, but it might be better than nothing. – James B Mar 18 '17 at 17:14
  • If you are only concerned with the software overriding the read only flag and not a malicious or unknowing user then that would work. You could also set a software switch as well. I'm pretty sure you can buy USB keys with a hardware write protect switch. – iainpb Mar 18 '17 at 17:19
  • Certainly you can get SD cards that have the write-protect switch. I know this because sometimes I bump it when inserting it into my camera after loading photos into my computer. A piece of tape over it will keep it in position. – SDsolar Mar 18 '17 at 19:05
  • What about mailing it to her teacher? – Marcus Müller Mar 18 '17 at 19:05

2 Answers

4

I'll argue that you're taking this on from the wrong side. Instead of trying to protect the pendrive from malware, assume that the pendrive is compromised as well (since it may at some point be connected to a compromised system) and act from there.

I managed to get family members to assume that if their pen drives were connected somewhere that is not under their full control then they likely contain malware. And I do have a machine into which I can plug the drive, link the device, check the partition signature, check the filesystem signature, and (only then) mount it. All this is done by a script whose actions I know, not some automated auto-mount system which may try to read "smart" caches from the pendrive (autorun.bat anyone?).

The ornate procedure you link can be almost fully automated. But there is more.

> who needs to bring a presentation to school

This means that the transport is one way (home -> school). So the contents of the pendrive can be completely discarded once the presentation is made. This makes things a lot easier! There is absolutely no need to mount the pendrive. Your procedure can simply be to erase the partition table and write a new one.

So, your daughter can get a presentation to school, catch all the malware she wants in the process. Return home and plug the drive into a "cleaning machine" which would simply overwrite the partition table.

Extra: overwriting the first, say, 16MBs of the drive (before recreating the partition table) may also be useful. Software that creates partition tables may be buggy, and may not overwrite every byte of the old partition table; this would make sure that the old table (and some of the old filesystem) is completely erased.

grochmal
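A sketch of the "cleaning machine" step from this answer, as an added example that is not grochmal's script: it zeroes the first 16 MiB through the raw device node, writes a fresh MBR and reads it back, without ever mounting the drive. The single FAT32 partition starting at sector 2048 and all function names are assumptions; the new partition still needs a filesystem before the stick is reused.

```python
import os
import struct

SECTOR = 512
WIPE_BYTES = 16 * 1024 * 1024   # the answer's "first 16MBs"
START_LBA = 2048                # assumption: one partition, aligned to 1 MiB
FAT32_LBA = 0x0C                # assumption: partition type FAT32 (LBA)

def device_size(path):
    """Size in bytes; seeking to the end works for image files and Linux block devices."""
    with open(path, "rb") as dev:
        return dev.seek(0, os.SEEK_END)

def wipe_head(path, length=WIPE_BYTES):
    """Zero the first `length` bytes via the raw node, so old table and boot code are gone."""
    todo = min(length, device_size(path))
    zeros = bytes(1024 * 1024)
    with open(path, "r+b", buffering=0) as dev:
        done = 0
        while done < todo:
            done += dev.write(zeros[: todo - done])
        os.fsync(dev.fileno())
    return todo

def build_mbr(total_sectors):
    """Fresh sector 0: empty boot code, one partition entry, 0x55AA signature."""
    if total_sectors <= START_LBA:
        raise ValueError("drive too small for the assumed layout")
    count = min(total_sectors - START_LBA, 0xFFFFFFFF)
    chs = b"\xfe\xff\xff"       # conventional "use the LBA fields" CHS value
    entry = struct.pack("<B3sB3sII", 0x00, chs, FAT32_LBA, chs, START_LBA, count)
    return bytes(446) + entry + bytes(48) + b"\x55\xaa"

def read_partitions(path):
    """Parse sector 0 only; return (type, start_lba, sectors) for each used entry."""
    with open(path, "rb") as dev:
        mbr = dev.read(SECTOR)
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("no MBR signature")
    rows = [struct.unpack_from("<B3sB3sII", mbr, 446 + 16 * i) for i in range(4)]
    return [(r[2], r[4], r[5]) for r in rows if r[2] != 0]

def clean_drive(path):
    """Wipe the head of the drive, write the new table, then read it back to verify."""
    wipe_head(path)
    with open(path, "r+b", buffering=0) as dev:
        dev.write(build_mbr(device_size(path) // SECTOR))
        os.fsync(dev.fileno())
    return read_partitions(path)
```

Pointed at a block device node rather than an image file, `clean_drive` destroys whatever is on that device, so the path has to be checked against the stick's size and model before it is run.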
4

What about creating a cloud account for her where she just saves her school documents? There are some encrypted ones like sync.com out there which offer a few GB of free space plus encryption, which would be enough for her. I don't think there'd be a big risk... Guess this would be quite a better option than trusting a USB stick or something comparable.

Dr3xler
  • If it's a small enough file, maybe even emailing to yourself would work, no? – BruceWayne Mar 19 '17 at 02:53
  • 1
    He would have to create a new account there, too, but there would still be a higher risk because you can automatically send spam mails from that account. In a cloud storage you can't send mails, and also especially sync.com doesn't have the option to e.g. change your password in a browser. You only can change it at your desktop application so that's another risk reducing point I guess. (And sorry for my English, I'm not the best but still wanna try to help) – Dr3xler Mar 19 '17 at 10:21
  • Ah, good points. (And your English is really good, for real. No need to apologise!!) – BruceWayne Mar 19 '17 at 14:58