

CIRCLean – USB key sanitizer based Raspberry Pi - adulau
http://www.circl.lu/projects/CIRCLean/

======
na85
Isn't the real danger with untrusted USB keys based on firmware attacks rather
than malicious files that could be removed with a simple dd command?

Surely if you find a USB stick with questionable executables or PDFs on board,
you could just spin up a VM, open them there, and evaluate the danger? Maybe I
just don't understand the intended use case, but this seems like a solution in
search of a problem, not to mention audio progress indicators seems tedious.

~~~
rommelfs
Thank you for your comment. You've identified a problem in the description we
haven't seen: the word 'sanitizer' and the introduction lead to the assumption
that CIRCLean is an over-engineered version of a media sanitizer, which only
deletes files from a USB stick, packed into a Raspberry Pi.

In contrast - and that sentence is hidden somewhere further down in the
description - CIRCLean takes files found on an untrusted USB stick, converts
them into 'disarmed' file types and stores them on a trusted USB stick:

"CIRCLean is a independent hardware solution to clean documents from untrusted
USB keys / USB sticks. The device converts automatically untrusted documents
into a readable format on a clean USB key/stick."

We are going to rephrase the description.

Thanks again, and if you have additional comments, feel free to share them
with us!

