
So I recently upgraded an old MB Pro to Mojave because I was concerned I could've infected it.

Now I'm probably overreacting to all of this, but since I was using all of my USB sticks in the previous version, let's say the malware had created backdoors to each and every USB stick I've ever plugged in there.

Is there any way I can retrieve the files from my USB sticks safely/make the sticks safely usable again? I suppose that if my files were infected too, they'd have to exploit some vuln in the viewer I'm using (Preview) but as far as I'm aware, there aren't any exploits for it. (Edit: Apparently there is one in CVEdetails, CVE-2007-0729, but it's for a very old version of Preview.)

And stretching it even further, could the infected files attack the USB firmware? Or would physical access to the stick be needed to do so?

Thanks and sorry if this is not in the correct section.

  • The files themselves are not really able to attack the firmware on the stick, but it's possible that your PC attacks it if the USB stick is connected to your computer. If you want to get your data safely, I would recommend downloading them in a virtual machine and trying every file on that machine. If you don't recognize any bad behavior, I would say they are kind of safe, but it would be better if you check them all. – Cyberduck Nov 27 '18 at 18:41

1 Answer

Depending on how paranoid you want to be, and how important the information on your computer is, you have several choices.

The most paranoid choice is to solder the USB contacts together and dip the whole thing in resin. Congratulations, your flash drive is now a perfectly usable paperweight and conversation piece.

The next option is to take the stick to a security professional. Hopefully your company's IT staff has a few who might be willing to help you out as a personal project.

If you have a disposable computer, you can boot it up using a live CD Linux installation. There are several available, and many exist specifically to scan potentially malicious files. I would download updated malware definitions, disconnect the computer from the network, then insert the flash drive and scan its contents. Then, once I'm certain the files are safe, reconnect to the network and copy the files over from the disposable computer, rather than inserting the flash drive into your Mac.

Since it's somewhat more likely that malware would attack generic USB flash drives themselves, rather than attempt to exploit a very specific bit of software that most people don't use, such as Preview on your Mac, I'd still be wary that the flash drive's firmware could be infected, and either discard it or turn it into a paperweight, after retrieving the files. As for physical access to your flash drive? Just plugging it into an infected computer is enough to give the malware the physical access that it needs.

Ghedipunk
  • Thanks for the reply. Unfortunately, I'm not able to find a disposable computer and actually I'm not employed; I bought the USB drives I'm talking about for personal use and have never used them on any device other than mine. In [another](https://security.stackexchange.com/a/103348/192291) thread, I read about CIRCLean which can apparently "sanitize" an infected USB drive and transfer files to a more trusted one. Is this a good approach? And I just toss the previous drives. – qHXU96DERt Nov 27 '18 at 21:45
  • CIRClean "utilises a Raspberry Pi" from that answer so is a form of using a disposable computer – mmmmmm Dec 27 '18 at 23:00
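The scan-then-copy step described in the answer above, sketched as an added example (not part of the original answer or comments): it copies only regular files that a scanner explicitly reports clean and records a SHA-256 manifest of what was copied. The function names, the use of ClamAV's `clamscan` as the scanner, and the paths `/mnt/usb` and `/tmp/staging` are assumptions.

```python
import hashlib
import os
import shutil
import subprocess
import sys


def clamscan_is_clean(path):
    """Assumed scanner: ClamAV clamscan exits 0 = clean, 1 = detection, 2 = error."""
    result = subprocess.run(["clamscan", "--no-summary", path],
                            stdout=subprocess.DEVNULL)
    return result.returncode == 0


def extract_clean(src_root, dst_root, is_clean=clamscan_is_clean):
    """Copy only regular files the scanner passes; return (manifest, rejected).

    manifest maps relative path -> SHA-256 of the copy, rejected lists
    (relative path, reason) for everything left behind on the stick.
    """
    manifest, rejected = {}, []
    for dirpath, _dirs, filenames in os.walk(src_root):  # dir symlinks not followed
        for name in filenames:
            src = os.path.join(dirpath, name)
            rel = os.path.relpath(src, src_root)
            # Symlinks and special files never leave the stick.
            if os.path.islink(src) or not os.path.isfile(src):
                rejected.append((rel, "not a regular file"))
                continue
            # Anything other than an explicit "clean" is treated as a failure.
            if not is_clean(src):
                rejected.append((rel, "scanner did not report clean"))
                continue
            dst = os.path.join(dst_root, rel)
            os.makedirs(os.path.dirname(dst), exist_ok=True)
            shutil.copyfile(src, dst)  # contents only: no mode bits or xattrs
            with open(dst, "rb") as fh:
                manifest[rel] = hashlib.sha256(fh.read()).hexdigest()
    return manifest, rejected


if __name__ == "__main__":
    # Hypothetical paths: stick mounted read-only, staging dir on the scan machine.
    src, dst = sys.argv[1:3] if len(sys.argv) > 2 else ("/mnt/usb", "/tmp/staging")
    kept, left = extract_clean(src, dst)
    for rel, digest in sorted(kept.items()):
        print(digest, rel)
    for rel, reason in left:
        print("SKIPPED", rel, reason, file=sys.stderr)
```

A scanner error counts as a rejection here, so a file is copied only when the scan positively succeeds; the manifest lets the copies be re-checked after they are moved off the scanning machine.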