1

Let's say I have one offline computer with some important data, and one online computer. Sometimes I need to move files from the offline computer to the online one. When I transfer those files, is there a risk that a virus would also transfer some of the important data that should not leave the offline computer?

As long as I don't plug anything into the offline computer everything is surely safe. But how can I then pass some files between the two computers, without risking that a malicious virus cache some of my other files from the offline computer and pass them to the online computer, and then send them away? I think it is possibile to write such a virus, that query the hard disk with some search and save some data when it is plugged in to the offline computer, and when it is plugged into the online computer it sends this stored data to a third party server.

How can I set up an environemnt and how should I behave in order to protect myself in a scenario like this one?

How can I control what is leaving the offline computer on a pendrive? Is it enough to check for hidden files in the file explorer? Maybe calculate a checksum before I plug in to the offline computer, and then compare that to the checksum of the files I transfer on the pendrive? Is there any alternatives? What about bluetooth? I guess there is no different which channel or protocol I use?

Anders
  • 64,406
  • 24
  • 178
  • 215
GuessMe
  • 91
  • 5

1 Answers1

3

There is no simple way to move files between computers and preventing other files from being moved. Yes, what you described is not only possible for malware, but was famously pulled of to destroy Iranian centrifuges by the Stuxnet virus.

As for some of your ideas. Most of them won't work. The virus can just write into unused space on the storage device and there is not a simple way to detect or prevent that. You could try to chceck all used space and overwrite unused space, but how would you prevent the device performing the overwrite from getting infected as well?

Using bluetooth is potentialy even more dangerous, as it is similar to just connecting it to the internet.

Transcribing data manually is about the only foolproof way of doing this, though a more reasonable level of security can be achieved using flash drives.

Peter Harmann
  • 7,728
  • 5
  • 20
  • 28
  • 1
    "Transcribing data manually is about the only foolproof way of doing this" - how about QR codes? – John Dvorak Sep 17 '18 at 10:59
  • @JohnDvorak Thought of that. QR codes sound good, but how would you transfer them? If you just point the camera on the screen, you risk the virus using small variations in background color and the code to transfer additional data. If you use a printer and a black and white scanner, the chances of that are reduced but the virus could still use shades, small inconsistencies in shape etc. – Peter Harmann Sep 17 '18 at 11:11
  • @JohnDvorak you would have to use some ridiculous setup, for example a board with LEDs that could only be turned on or off and could not be switched for at least a second (prevent imperceptible blinking) to prevent side-channel data being transferred, and a human would still have to monitor the transfer, which would be harder as humans generally don't understand QR codes just by looking at them. If you allow any QR code through, then what was the point in the first place? – Peter Harmann Sep 17 '18 at 11:14
  • @Peter Harmann writing about reasonable level of security do you mean just copy to usb pendrive a piece of data, then paste it from there to an online environement or some more sophisticated way or transfering it using usb pendrive (I have read usb flash drive = normal pendrive) ? – GuessMe Sep 20 '18 at 01:24
  • @GuessMe it depends on the exact scenario. What kind of data you are transfering, whether you are transfering both ways and so on. – Peter Harmann Sep 20 '18 at 07:18
  • Let's say both ways and it would be files like .odt pictures, .txt files. .pdf files etc. Best known for me would be to format pendrive right after plugged it in to safe, offline computer and then select desired files and unplug this pendrive, so I can plug it at my online computer. The other way I would also format it right after I use a file at online computer and then paste to it the file I want to hide in my offline computer next. – GuessMe Nov 25 '18 at 17:53
  • @GuessMe .txt files are quite easy, you format on online machine, load .txt, trasnfer .txt, format again on safe computer (if you don't care about the .txt staying on the Flash drive, see why deleting stuff from ssds is not possible). The problem comes when there might be a virus in the data. PDF, wordx etc, IMO are not safe formats when it comes to viruses. However, if you only want to store the data, not use it on the safe computer, I would recommend just encrypting them using for example VeraCrypt, so that if there is a virus, it can't be executed on the safe machine. – Peter Harmann Nov 25 '18 at 20:44
  • Obviously this is assuming your safe computer is not infected and that it does not auto-run anything from the flash drive. Also assumes your flash drive is not secretly a rubber ducky. Your biggest problem would be getting programs and updates onto your safe computer, as those are executable and could contain a virus. You may want to choose a system, that is unlikely to need security updates and hard to infect, such as SEL4 based system. – Peter Harmann Nov 25 '18 at 20:48