[Noisebridge-discuss] usb 'dead drops' at noisebridge?

Seth David Schoen schoen at loyalty.org
Sun Oct 31 04:47:45 UTC 2010


Mitch Altman writes:

> Too cool an idea!
>
> Too bad that there's a high risk of trojans by connecting a Windows computer to one (autorun.inf files can run an EXE file upon plugging a USB drive in).

I wonder what it would take to make a circuit that switched the
storage device back and forth between the public connector and
the USB port of a (hidden) "integrity check PC" installed by
the same person who installed the whole setup:

public connector -----\             /----- integrity check PC
                      |             |
                      \-- decider --/
                             |
                             |
                          storage
                          volume

The "decider" circuit would contain a couple of solid state relays
that switched the storage volume between the public connector and
the integrity check PC whenever the previous connection disconnected
somehow (I don't know if the integrity check PC could actually
electrically disconnect after unmounting, which seems like the
easiest way to alert the decider circuit that it's time to switch;
otherwise the integrity check PC could have its own separate
connection to the decider to actively tell it that it's OK to
switch back the other way).

The integrity check PC could do three things:

(1) run a vfat fsck on the storage volume to make sure that what
was left was still a valid VFAT filesystem (in case of accidental
or intentional corruption) -- especially important in case some
operating systems' vfat implementations contain exploitable bugs
that can be triggered by trying to mount a maliciously-crafted
invalid filesystem;

(2) reformat the disk as an empty vfat volume if the fsck fails too
badly; and

(3) mount the resulting filesystem and unconditionally delete any
autorun file that exists at the top level.

It wouldn't have to be much of a PC to do this stuff.  Any old
embedded system with a USB implementation should suffice.  The
challenging question for me is whether dosfsck can actually
catch all of the potential forms of invalidity that could harm
users (and whether dosfsck itself is exploitable!).

Other ideas:

. the integrity check PC could keep a backup of the "last valid
  mountable" state of the storage volume, and under certain
  conditions where a user appeared to have erased or corrupted the
  disk too badly, it would simply restore this state.

. the integrity check PC could run a scan for Windows viruses,
  though arguably this is mostly useless and/or the responsibility
  of the system's end-users.

The biggest problem with this that I see is that it requires
power, which the original concept doesn't.

-- 
Seth David Schoen <schoen at loyalty.org> | Qué empresa fácil no pensar en
     http://www.loyalty.org/~schoen/   | un tigre, reflexioné.
     http://vitanuova.loyalty.org/     |            -- Borges, El Zahir
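
The three checks listed in the message above, sketched as shell functions for a Linux-based integrity check PC with dosfstools installed. This is an added example, not part of the original post: the repair-then-recheck rule for deciding that fsck has "failed too badly", the mount options, and all function and variable names are assumptions.

```shell
#!/bin/sh
# Added example: one integrity-check pass over the dead-drop volume.
# Tool names are overridable so the logic can be exercised without hardware.
FSCK=${FSCK:-fsck.vfat}
MKFS=${MKFS:-mkfs.vfat}
MOUNT=${MOUNT:-mount}
UMOUNT=${UMOUNT:-umount}

# Step (3): delete anything named autorun.inf (any letter case, file or
# directory) at the top level of the mounted volume. Deeper copies are
# left alone, as in the message.
remove_autorun() {
    find "$1" -mindepth 1 -maxdepth 1 -iname 'autorun.inf' -exec rm -rf -- {} +
}

# Steps (1)-(3) for block device $1 using mount point $2.
# Prints "clean", "repaired" or "reformatted"; returns non-zero on failure.
sanitize_volume() {
    dev=$1 mnt=$2 state=clean rc=0
    # (1) read-only check first; fsck.vfat exits non-zero if it finds errors
    if ! "$FSCK" -n "$dev" >/dev/null 2>&1; then
        state=repaired
        "$FSCK" -a "$dev" >/dev/null 2>&1 || true   # attempt automatic repair
        # (2) assumed policy: still invalid after repair means "too badly"
        if ! "$FSCK" -n "$dev" >/dev/null 2>&1; then
            state=reformatted
            "$MKFS" "$dev" >/dev/null 2>&1 || return 1
        fi
    fi
    # (3) mount without exec/dev/suid so nothing on the volume can run here
    "$MOUNT" -t vfat -o noexec,nodev,nosuid "$dev" "$mnt" || return 1
    remove_autorun "$mnt" || rc=1
    "$UMOUNT" "$mnt" || return 1
    [ "$rc" -eq 0 ] || return 1
    echo "$state"
}
```

The checker would call `sanitize_volume` with the storage volume's device node and a mount point each time the decider hands the volume over, and signal the decider to switch back only when it returns zero.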


