5

What can be done to bridge the Air Gap, except autorun?

Are there any hardware butterflies that can attack a physically isolated Unix/Linux machine in common USB drives, like VSC (Vendor Specific Commands)?

http://www.recover.co.il/SA-cover/SA-cover.pdf

Deer Hunter
trankvilezator

1 Answer

13

Any bug in the handling of USB devices can be exploited by malicious hardware. That's how the PS3 Jailbreak worked.

Remember that when you plug a "USB Flash drive" into a machine, you cannot be sure that what you plug in is really "just a Flash drive". The machine sees it as a "USB device" which may claim to be a keyboard, a mouse, a network interface... A malicious Flash drive could in fact be a wireless network device, which claims to be some sort of Ethernet card; the machine may react by automatically connecting to it (DHCP and so on): no more air gap!

Alternatively, the USB device may claim to be a USB-to-FireWire converter and the device driver, already known to the machine, would then grant device-initiated DMA privileges: the device can then read and write any data byte in the machine.

Really, if you are serious about your security, don't plug an untrusted device into a USB port.

Thomas Pornin
  • Did you mean that it is better to use a CD/DVD disc? – trankvilezator Sep 20 '13 at 16:28
  • Indeed, a CD would be better, since a CD-ROM reader won't use it in any way other than reading bytes. A CD won't be able to masquerade as another kind of device. As you have noticed, beware of any Autorun features, of course. – Thomas Pornin Sep 20 '13 at 16:44
  • Great, I'll not put your answer as completed, but anyway thank you very much. Still waiting for more informative instructions to bridge the air gap. – trankvilezator Sep 30 '13 at 15:18
  • See, Schneier builds his own air gap. Comments are pretty. https://www.schneier.com/blog/archives/2013/10/air_gaps.html – trankvilezator Oct 23 '13 at 15:06
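
The answer's point that a "flash drive" is whatever its USB descriptors claim to be can be checked from the defender's side. The following is an added example, not part of the original answer: it parses a raw USB configuration descriptor and reports every declared interface that is not mass storage. The sample descriptors are constructed for illustration and the function and helper names are hypothetical.

```python
import struct

# Standard USB-IF base class codes (bInterfaceClass).
USB_CLASSES = {0x02: "CDC communications (network/modem)", 0x03: "HID (keyboard/mouse)",
               0x08: "mass storage", 0x09: "hub", 0x0A: "CDC data",
               0xE0: "wireless controller", 0xFF: "vendor specific"}
MASS_STORAGE = 0x08
DT_INTERFACE = 0x04  # bDescriptorType of an interface descriptor


def interface_classes(config_descriptor: bytes) -> list:
    """Return bInterfaceClass for each interface in a raw configuration descriptor."""
    classes, pos = [], 0
    while pos < len(config_descriptor):
        if len(config_descriptor) - pos < 2:
            raise ValueError(f"truncated descriptor header at offset {pos}")
        length, dtype = config_descriptor[pos], config_descriptor[pos + 1]
        # Every descriptor starts with bLength, bDescriptorType; reject bad lengths.
        if length < 2 or pos + length > len(config_descriptor):
            raise ValueError(f"malformed descriptor at offset {pos}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {pos}")
            classes.append(config_descriptor[pos + 5])  # bInterfaceClass
        pos += length
    return classes


def unexpected_interfaces(config_descriptor: bytes) -> list:
    """Names of declared interfaces that a plain flash drive has no reason to expose."""
    return [USB_CLASSES.get(c, f"class 0x{c:02x}")
            for c in interface_classes(config_descriptor) if c != MASS_STORAGE]


# --- Constructed sample descriptors (hypothetical helpers, not captured from real devices) ---
def _iface(num, cls, sub, proto):
    return bytes([9, DT_INTERFACE, num, 0, 1, cls, sub, proto, 0])

def _config(*interfaces):
    body = b"".join(interfaces)
    header = bytes([9, 0x02]) + struct.pack("<H", 9 + len(body))
    return header + bytes([len(interfaces), 1, 0, 0x80, 50]) + body

_EP = bytes([7, 0x05, 0x81, 0x02, 0x00, 0x02, 0])  # one bulk IN endpoint
PLAIN_DRIVE = _config(_iface(0, 0x08, 0x06, 0x50) + _EP)
COMPOSITE = _config(_iface(0, 0x08, 0x06, 0x50) + _EP, _iface(1, 0x03, 0x01, 0x01) + _EP)

if __name__ == "__main__":
    for name, desc in (("plain drive", PLAIN_DRIVE), ("composite", COMPOSITE)):
        print(name, "->", unexpected_interfaces(desc) or "mass storage only")
```

On Linux the same fields are visible with `lsusb -v` or in the `bInterfaceClass` files under `/sys/bus/usb/devices/`. A device controls what it declares and can re-enumerate with different descriptors, so this is an audit aid and not a guarantee.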