What is the safest and most convenient way to transfer data from my computer to "unknown" USB devices?

Question

I recently attended a friends wedding.

As a gift to the couple I filmed lots of things and edited the clips into a montage of the big day.

Thankfully they loved it and I have had requests from a number of people who would also like a copy.

Due to file size and poor internet speeds it is not really feasible to share online and I also don't want to post it online.

I have considered physical media but don't want the hassle/costs involved.

I have decided that I will simply place copies onto anyone who provides me with a USB stick/ hard drive big enough. This seems to work well for all parties involved.

Maybe I am being a little paranoid now but I don't know all the people that have asked to have a copy, and I am a little unsure of just plugging in random USB drives into my machine. I highly highly doubt that anyone has any malicious intent but even so I guess a virus could be passed on through an infected drive unintentionally etc.

Is there a fool-proof (and preferably easy) way to make sure that I can only write files to the USB and that any USB stick/hard drive will not have access to my PC and won't be able to do anything bad like infect my computer or access my files etc.?

Windows 10 is my OS.

Answer 1

Unfortunately it is very difficult to plug in unknown USB devices to exchange data in a manner that is guaranteed to be safe; there's a reason secure facilities often completely disable USB ports. In some cases a USB device could even be designed to cause physical damage and there are very few devices that have circuitry designed to protect against this type of attack.

The only method I can think of that could reasonably "guarantee" safety would be to set up a sacrificial computer, probably something cheap like a Raspberry Pi, and transfer your files there. Then disconnect the sacrificial machine from the network and use it to transfer the files to the potentially unsafe drives. When you're done, wipe and reinstall the sacrificial machine. I'm guessing this is probably more effort than you're willing to expend, so if you aren't willing to accept the risks, I would suggest exploring alternative methods of file transfer.

Answer 2

I have an older TV that can display photos from a USB thumbdrive. I use it it make sure that it's really a thumbdrive, instead of a keyboard emulator or network device hidden behind a hub. It can show folders and list files, even files of unknown type. I don't worry about it getting infected, since it's all ROM and just a TV anyway.

While it's likely possible to craft a mutating USB interface that looks different to different machines, the TV validates that it's a working mass storage device, which eliminates a lot of attack tools disguised as thumb drives. It could still have a virus and hose a system if you get click-happy or run windows98 or something, but copying files over to a virus-laden drive shouldn't harm the computer.

Lastly, apply some common sense. If a "drive" is huge, like a rubber duck, i would ask for a more mainstream drive. Amateurs like me can cram the USB host hardware needed to mount a good attack inside of small pager, but we can't fit all that stuff in a single tiny PCB like a real thumbdrive would use. Again, not perfect, but it's all a numbers game, and it's easy to stack at least some of the numbers in your favor.