this post was submitted on 09 Oct 2024
208 points (97.3% liked)

Technology

58754 readers
4667 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
208
Two never-before-seen tools, from same group, infect air-gapped devices (arstechnica.com)
submitted 1 week ago by [email protected] to c/[email protected]
47 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 1 points 1 week ago (2 children)

I mean therein lies the problem. If you remove mass storage devices but allow cds then that’s just a different attack vector to exploit. You could potentially make it so there is no way to interface with any kind of storage but then when someone finds a way to break things open with a hid device you now have no practical way to fix the issue (plus working with the machine will be a nightmare)

[–] [email protected] 3 points 1 week ago* (last edited 1 week ago)

CDs have an advantage over USB drives in that they can't actually secretly be USB HID devices like a fake keyboard or mouse that runs a bunch of commands when it plugs in. It's only a storage device.

A super secure environment might then lock down all USB devices to ones known by them and then epoxy all ports and devices.

[–] [email protected] 2 points 1 week ago (1 children)

No. This exploit worked because the medium is read-write. Once a disc is finalized, it cannot be written to. You can't exfiltrate data via the CD.

I'm sure there's some modified CD burner out there that can write to a finalized disc, but this would only work where the air-gapped machine supports it, and also even has a drive that can write.

[–] [email protected] 1 points 1 week ago

Unless it’s a rewritable cd, or the cd is the first step in a chain of exploits that allows write access on the usb ports used for peripherals so that an inside person could get away with a usb key or modified keyboard, or something else we can’t conceptualize but some group of well funded state actors can