On 01/22/2018 08:33 AM, Peter Todd wrote:
> Note that flash drives with physical write protect switches are available,
> such as the Kanguru FlashBlu30 line.
While better than a regular r/w USB drive, I would not actually trust these. 
There's only going to be a regular USB flash controller inside, and the 
firmware on that one is just as good as the firmware on other USB drives.

The type of attack DVDs prevent is one where a compromised "download" or 
"checksum" machine compromises the USB drive firmware. The compromised USB 
drive then presents different data to different machines, e.g. the original iso 
to anyone checksumming and a modified iso to anyone booting. This attack 
requires a compromise of the USB flash drive controller via USB. This is 
realistic and has been demonstrated in the past.

A "physical write protect switch" is only going to be routed into that chip 
through a GPIO, so it does *not* protect against this attack. Write-protect on 
or off, most of the USB protocol logic inside the controller must be working in 
order to serve read requests.

DVDs fare better in this scenario. Even though you could also attack the reader 
firmware, the attacker has only one (large) static payload read by the firmware 
(the DVD). In case of the USB drive, the attacker has an interactive session 
over a complex, multi-layer protocol presenting much more attack surface.

-- 
You received this message because you are subscribed to the Google Groups 
"qubes-devel" group.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/qubes-devel/6939ddab-bc1b-54f7-ef99-3f59172fbed7%40physik.tu-berlin.de.