132
50
Suppose someone wants me to copy some files to their USB stick. I'm running fully-patched Windows 7 x64 with AutoRun disabled (via Group Policy). I insert the USB drive, open it in Windows Explorer and copy some files to it. I do not run or view any of the existing files. What bad things could happen if I do this?
What about if I do this in Linux (say, Ubuntu)?
Please note that I'm looking for details of specific risks (if any), not "it would be safer if you don't do this".
Related: How can a flash drive spread a virus?, How can USB sticks be dangerous?, How do I safely investigate a USB stick found in the parking lot at work?, Safely opening a suspect USB Drive, How can I browse an untrusted USB flash drive safely?, Is there any way to safely examine the contents of a USB memory stick?, and probably more.
– Scott – 2017-05-06T22:04:24.8406Looking at a directory listing is unlikely to be a risk. Opening a malicious PDF in an old unpatched version of Adobe reader could be a big risk. In some cases even an image preview or a file icon could contain an exploit. – david25272 – 2014-01-31T03:58:03.093
12
@david25272, even looking at a directory listing could be a risk.
– tangrs – 2014-01-31T05:28:01.1605It's a little bit like getting into an elevator with a stranger, most of the time you're fine, but if the stranger is aka Hannibal Lecter... – PatrickT – 2014-01-31T06:35:02.517
59
You could break your uranium centrifuge http://en.wikipedia.org/wiki/Stuxnet
– RyanS – 2014-01-31T16:16:35.2601@tangrs, that's a great example of the sort of thing I was looking for. Why not post it as an answer? – EM0 – 2014-02-01T14:33:26.097
@EM You should probably reevaluate your accepted answer – CodyBugstein – 2014-02-03T15:49:52.060
1@Imray I will if you tell me a reason to. – EM0 – 2014-02-03T17:30:02.813
If I only use USB to push content off my PC, is it safe to
quick format
the USB before each use ? I use live ubuntu CD to boot up & format the USB. – user – 2014-03-01T05:54:13.077