
Is there a way to safely get data from SD and USB


22 replies to this topic

#1 bludshot

bludshot

  • Members
  • 657 posts
  • OFFLINE
  •  
  • Local time:07:50 PM

Posted 29 May 2015 - 03:00 AM

Used to be that in Windows, autorun would put you at risk when sticking a USB stick into your computer because it could run some code. So we would turn off autorun to fix that.

 

But now that we know that USB sticks and SD cards can have malicious code on them at the firmware level, we know they aren't safe anymore and the turning off autorun trick doesn't help with that bit.

 

So is there some clean safe way to get data from SD cards and USB sticks? Like I don't know, some kind of piece of hardware or something? What is the best practice for this if for example you are having to plug in a lot of SD and USB cards from the public?





#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:01:50 AM

Posted 29 May 2015 - 03:05 AM

Firmware malware does exist, but it is rather impractical for malware writers to make. Not only will the writers have to account for the large number of firmware out there (because every firmware is different), but it will also require a great deal of skill to code something like that.

So I would say that in a practical situation you won't be encountering firmware malware in the wild.

Regards,
Alex

#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,603 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:08:50 PM

Posted 29 May 2015 - 05:26 AM

What Alex said is right. You still have more chances to be infected by a malware from the USB by connecting it to a computer, than to be infected by a malware in the USB's firmware. So I wouldn't worry if I were you. Also, if you know what you put on your USB and never had it plugged in on an infected computer, you should be good as well.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:50 PM

Posted 29 May 2015 - 05:52 AM

Yes... it's highly unlikely you will encounter a BIOS-level scenario as it is not practical for attackers to use such an exploit on a grand scale. Malware writers would much rather target a large audience through social engineering where they can use sophisticated but less technical means than a BIOS virus.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#5 rp88

rp88

  • Members
  • 2,983 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:50 AM

Posted 29 May 2015 - 11:29 AM

So if, with autorun disabled, and as long as you don't open any exe files on the drive, you can't get infected, then why do hackers still try leaving USB sticks in car parks with words like "Salary details" written on them in official-looking text? If disabling autorun and not running exe files were the only steps a user would need to take to avoid being infected by a USB, then why are "intriguing" looking USB sticks still used by hackers trying to get into a business's computer network? The USB sticks they use for this must either be designed to perform firmware-based attacks or some other attack vector which cannot be prevented by simply disabling autorun and telling users "don't open any exe files".
Back on this site, for a while anyway, been so busy the last year.

My systems:2 laptops, intel i3 processors, windows 8.1 installed on the hard-drive and linux mint 17.3 MATE installed to USB

#6 Aura


Posted 29 May 2015 - 12:03 PM

Or they simply contain infected Office files with a macro-based payload?... Which is what it is in the end.

Edited by Aura., 29 May 2015 - 12:03 PM.



#7 DeimosChaos

DeimosChaos

  • BC Advisor
  • 1,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:United States, Delaware
  • Local time:08:50 PM

Posted 29 May 2015 - 12:51 PM

The malware in firmware is an interesting topic to say the least. If you want a really interesting read on Mac Thunderbolt firmware hacking, take a look at these links:

 

Thunderstrike - new Mac "ueberrootkit" could own your Apple forever

 

Thunderstrike 31C3 - Trammell Hudson's Projects

 

*note

They are both about the same topic. The first one is from Naked Security, the other is the really long write up from the talk Trammell Hudson did.


Edited by DeimosChaos, 29 May 2015 - 12:53 PM.

OS - Ubuntu 14.04/16.04 & Windows 10
Custom Desktop PC / Lenovo Y580 / Sager NP8258 / Dell XPS 13 (9350)
_____________________________________________________
Bachelor of Science in Computing Security from Drexel University
Security +


#8 quietman7


Posted 29 May 2015 - 01:14 PM

Not all hackers (or malware) rely on autorun. They can simply rely on trickery or foolish users clicking on a malicious executable file located on the usb drive.

#9 DeimosChaos


Posted 29 May 2015 - 01:18 PM

> Not all hackers (or malware) rely on autorun. They can simply rely on trickery or foolish users clicking on a malicious executable file located on the usb drive.

 

Ain't that the truth. Stuxnet anyone? Apparently it was delivered via USB drive out in the parking lot, it could have run off of auto run, but also could have had just a random file in there that the user clicked on wondering what it was.




#10 Aura


Posted 29 May 2015 - 01:19 PM

You know that Stuxnet was specifically made for a specific purpose? And that it's far more advanced than what the common user is infected with?



#11 DeimosChaos


Posted 29 May 2015 - 01:23 PM

> You know that Stuxnet was specifically made for a specific purpose? And that it's far more advanced than what the common user is infected with?

 

Yes I know. The advancement of the code has nothing to do with the statement that I made. I used it as an example to show how easy it is to deliver something like that on a simple USB drive, and have it run either via auto run, or more likely a file inside that ran when clicked on.




#12 Aura


Posted 29 May 2015 - 01:24 PM

Oh my bad, I misread your "Ain't that the truth". I read it like "It's not the truth". My apologies.



#13 DeimosChaos


Posted 29 May 2015 - 01:25 PM

> Oh my bad, I misread your "Ain't that the truth". I read it like "It's not the truth". My apologies.

 

Haha it's all good!




#14 bludshot


Posted 29 May 2015 - 11:17 PM

I appreciate that it is a rare threat (so far?), but does no one know of a method to protect against it?

 

For example, if you had one that you magically knew was infected, and contained files you wanted to copy, how could you get them?



#15 Aura


Posted 29 May 2015 - 11:19 PM

There are programs that exist to protect against USB drives by disabling Autoruns/Autoplay, autoruns.ini, etc., such as Panda USB Vaccine. There's another one quite popular in the malware removal here, but I forgot the name. Maybe someone will post it soon. It's a program made by a member of the malware removal community; it has his name in it.

http://www.pandasecurity.com/usa/homeusers/downloads/usbvaccine/

Edited by Aura., 29 May 2015 - 11:20 PM.

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
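
An added example, not written by any poster in this thread: a read-only triage of a mounted USB or SD volume for the file-based vectors the replies name (autorun files, executables, macro-carrying Office documents). The extension lists and the sample file names are assumptions constructed for illustration, and the check says nothing about the firmware-level case raised in the original question.

```python
import os
import tempfile
import zipfile

# Assumed lists for illustration: extensions Windows runs on double-click.
RUNNABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".hta", ".lnk"}
OOXML = {".docx", ".docm", ".xlsx", ".xlsm", ".pptx", ".pptm"}
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc/.xls/.ppt container

def classify(path):
    """Return a reason string if the file deserves scrutiny, else None."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if name == "autorun.inf":
        return "autorun file"
    if ext in RUNNABLE:  # also catches double extensions such as .pdf.exe
        return "executable or script"
    if ext in OOXML:
        try:
            with zipfile.ZipFile(path) as z:
                macro = any(n.lower().endswith("vbaproject.bin") for n in z.namelist())
        except zipfile.BadZipFile:
            return "Office extension but not a valid OOXML archive"
        return "Office document with VBA macros" if macro else None
    with open(path, "rb") as f:
        if f.read(8) == OLE_MAGIC:
            return "legacy Office container, may hold macros"
    return None

def triage(root):
    """Walk a mounted volume; files are only read, never launched."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            full = os.path.join(dirpath, fn)
            reason = classify(full)
            if reason:
                hits[os.path.relpath(full, root)] = reason
    return hits

def demo():
    """Triage a constructed sample 'drive' built in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        for fn in ("autorun.inf", "Salary details.pdf.exe", "notes.txt"):
            open(os.path.join(d, fn), "w").close()
        with zipfile.ZipFile(os.path.join(d, "budget.docm"), "w") as z:
            z.writestr("word/vbaProject.bin", b"constructed placeholder")
        with zipfile.ZipFile(os.path.join(d, "clean.docx"), "w") as z:
            z.writestr("word/document.xml", "<w:document/>")
        return triage(d)
```

Calling `triage()` on the mount point of a real drive returns a dict of relative path to reason; files not listed were not flagged by these checks, which is not the same as being safe to open.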




