Ask HN: How to avoid USB firmware attacks
I'm aware of USB firmware attacks where a bad actor will leave a stray USB around with the hope of a target using it and compromising their computer.
This basically can be avoided by not plugging in a USB stick you don't own. But what precautions can one take when buying a USB device on a website like amazon?
It's not beyond the realm of possibilities that a potential attack target could be to pre-package USB devices with malicious firmware and sell or re-sell on a site like Amazon.
Is this is known attack vector, and is there anything one could do to prevent something like this?
5 comments
[ 3.1 ms ] story [ 26.7 ms ] threadUse an OS where common commands in Windows/Linux do not work.
Use an OS that can not/will not run the virus code these USBs try to plant.
Somebody is going to find that some of the USBs are malicious and will get to the attacker through Amazon and tracing the exchange of physical goods.
The USB attack used to be used in targeted attacks.
You are on hacker news. The NSA (and others) target sysadmins.
https://www.zdnet.com/article/nsa-targets-sysadmin-personal-...