
USB keys will end you and how to protect yourself - FounderSec
https://foundersec.substack.com/p/usb-keys-will-end-you
======
runamok
Are there any good ways to protect yourself on Mac, Windows, Linux, etc. from
random USB keys?

Perhaps have a Raspberry Pi off the network, since Linux in and of itself would
greatly diminish the attack surface?

An "evil maid" can always swipe _your own_ USB key and install malware, so I'd
prefer a belt-and-suspenders strategy. Likewise, someone walking by your
workstation could do a drive-by plugin too.

I guess it would have to be some OS level intervention that would say "you
plugged in an HID/file mount/etc., what do you want to do?"

~~~
T3OU-736
A recent discussion covering this:
[https://news.ycombinator.com/item?id=20744590](https://news.ycombinator.com/item?id=20744590)

There may well have been developments and changes, too. But, a start.

~~~
FounderSec
Great discussion there. That USBGuard tool seems interesting. I'll take a
look, but the tricky thing with these USB Drop Attacks is the range of forms
they can take and the levels of complexity. That USBGuard mentions it blocks
them from userspace, and without having looked at the code I imagine there's
still negotiation that happens at the firmware level, which still leaves quite
a lot of room for bad things to happen. For example, you could make the perfect
whitelist of your devices, but someone could still easily plug in the $60 USB
Kill stick and it would fry your system. They could also take advantage of
firmware-level USB exploits such as a DFU (device firmware update) attack to
inject malicious malware at the firmware level of your system. Off the top of my
head, I would guess USBGuard wouldn't be able to stop that lower level of
exploitation, so that's why I stick with not plugging anything in that isn't
mine, and in more sensitive IT departments, they can disable USB ports
completely from BIOS.
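
The "what do you want to do?" prompt and the device whitelist discussed in this thread can be sketched as a decision function over a device's descriptors. This is an added example, not code from any commenter or from USBGuard; the device records, the allowlist and the policy choices are constructed assumptions.

```python
from dataclasses import dataclass

# USB base class codes as assigned by USB-IF.
HID, MASS_STORAGE = 0x03, 0x08

@dataclass(frozen=True)
class UsbDevice:
    vid_pid: str           # "vvvv:pppp" from the device descriptor
    serial: str            # serial string; device-supplied, so it can be cloned
    interfaces: frozenset  # bInterfaceClass values the device presents

# Constructed allowlist: identity -> interface classes recorded at enrolment.
ALLOWLIST = {
    ("aaaa:0001", "KBD-0001"): frozenset({HID}),
    ("bbbb:0002", "STICK-42"): frozenset({MASS_STORAGE}),
}

def decide(dev, allowlist=ALLOWLIST):
    """Return 'allow', 'block' or 'ask' for a newly attached device.

    Works on descriptor data only; it cannot see electrical attacks or
    anything that happens below the operating system.
    """
    expected = allowlist.get((dev.vid_pid, dev.serial))
    if expected is not None:
        # Known identity: the interface set must match enrolment exactly,
        # so a known "flash drive" that now also types is rejected.
        return "allow" if dev.interfaces == expected else "block"
    if HID in dev.interfaces and len(dev.interfaces) > 1:
        # Unknown device bundling input with other functions (assumed policy).
        return "block"
    # Unknown single-function device: keep it unauthorized, prompt the user.
    return "ask"

# Constructed plug-in events.
EVENTS = [
    UsbDevice("aaaa:0001", "KBD-0001", frozenset({HID})),
    UsbDevice("bbbb:0002", "STICK-42", frozenset({MASS_STORAGE, HID})),
    UsbDevice("cccc:0003", "", frozenset({MASS_STORAGE})),
    UsbDevice("dddd:0004", "X", frozenset({HID, MASS_STORAGE})),
]

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev.vid_pid, sorted(ev.interfaces), "->", decide(ev))
```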

