Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

Thread Tools Display Modes
  #1   (View Single Post)  
Old 31st December 2019
stanl stanl is offline
Real Name: Stan
Fdisk Soldier
Join Date: Jun 2019
Posts: 81
Default USB drive vulnerable?

Basic question - if i have a usb drive plugged in but not mounted, is that drive vulnerable should I be hit with a ransomware/malware attack?

Thank you
Reply With Quote
  #2   (View Single Post)  
Old 31st December 2019
e1-531g e1-531g is offline
ISO Quartermaster
Join Date: Mar 2014
Posts: 601

I don't know how susceptible OpenBSD is to malware infection in this case, but I think attacker may sniff things typed on USB-connected keyboard or sometimes even built-in keyboard.
Signature: Furthermore, I consider that systemd must be destroyed.
Based on Latin oratorical phrase
Reply With Quote
  #3   (View Single Post)  
Old 31st December 2019
Beastie Beastie is offline
Daemonology student
Join Date: Jan 2009
Location: /dev/earth0
Posts: 334

Yep, there are hardware keyloggers, rubber duckies (not the yellow bath toy kind), etc. If you're really paranoid, no device can be trusted.

Now if you're talking about those malware that have been infesting USB devices for more than a decade now, then these (used to?) depend on autoruns to execute their payload and/or the user being fooled into opening what they shouldn't (e.g. executables with a "folder" icon). Fortunately pretty much all of these are made for Windows and can quite easily be detected and eleminated. They will often store the payload in directories that have the "hidden" attribute or ones with the "system" attribute such as the "Recycle Bin" or "System Volume Information".
Needless to say most of them will not run on anything other than Windows and will definitely not pose any threat if you don't even mount the device. Also, maybe it's just me but 1) I've noticed a sharp decrease in this kind of USB-borne malware in the past few years and 2) these are more often transmitted through hijacked email accounts.

So theoretically, you mostly have to worry about the first type.
May the source be with you!
Reply With Quote
  #4   (View Single Post)  
Old 1st January 2020
TronDD TronDD is offline
Spam Deminer
Join Date: Sep 2014
Posts: 274

Originally Posted by stanl View Post
Basic question - if i have a usb drive plugged in but not mounted, is that drive vulnerable should I be hit with a ransomware/malware attack?

Thank you
Sure. The drive is still known to system even if no file system is mounted. The malware can scan the USB bus and mount any drive it finds. I don't know if any of them do that, but it'd be trivial.

A hardware encrypted drive should prevent any changes. A software encrypted drive could have the data erased, but not read.
Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Buggy, Vulnerable GoDaddy Certificates shep News 0 12th January 2017 07:16 PM
A Third of All HTTPS Websites Vulnerable To DROWN Attack J65nko News 0 1st March 2016 08:06 PM
Huawei USB modems vulnerable J65nko News 1 18th March 2013 02:45 AM
Adobe still distributing old vulnerable Reader J65nko News 0 18th February 2010 03:40 PM
Creating USB flash drive drive image from FreeBSD disc1.iso FBSD Guides 1 10th February 2010 04:42 PM

All times are GMT. The time now is 08:29 AM.

Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick