is theoretically possible from an infected system infect a just downloaded iso ? For example, I download the ubuntu iso, I check the hash and it results ok, when I burn the iso the system inject the infection (on the fly) while I am burning it. Is this theoretically possible (without mount the iso, copy the files, insert the malware, rebuild the iso) ?
Asked
Active
Viewed 276 times
2 Answers
1
Yes, it is theoretically possible. If the ISO is just a file, then there is nothing preventing malicious code from unpacking it, modifying the contents, and repacking it. If the system you use to download and check the ISO is compromised, you cannot rely on that system to tell you whether or not the integrity has been violated. One possible solution would be to burn it to a disc, then verify it on another system which you do not expect to be compromised.
forest
- 64,616
- 20
- 206
- 257
1
Is this theoretically possible (without mount the iso, copy the files, insert the malware, rebuild the iso) ?
Yes it is theoretically possible. A malicious CD/DVD burning program could write whatever bytes to the disk that it wants. For a given iso there would be known disk locations of files and certain of those files could be overwritten by "bad" versions. This would, of course, change the hash of the resulting disk, so you could detect it. Also, such an attack seems fairly unlikely (unless it is rather narrowly directed).
hft
- 4,910
- 17
- 32