在你最新的、安全的操作系统上使用你自己的受信任的USB驱动器是一回事,但是如果你最好的朋友带着他们的USB驱动器过来,想让你把一些文件复制到其中呢?你朋友的U盘会给你安全的系统带来任何风险吗,还是只是毫无根据的恐惧?
今天的问答环节是由SuperUser提供的,SuperUser是Stack Exchange的一个分支,是一个由社区驱动的问答网站分组。
图片由Wikimedia Comm***提供。
问题
超级用户读者E M想知道不受信任的USB驱动器可能有哪些危险:
Suppose someone wants me to copy some files to their USB drive. I’m running fully-patched Windows 7 x64 with AutoRun disabled (via Group Policy). I insert the USB drive, open it in Windows Explorer, and copy some files to it. I do not run or view any of the existing files. What bad things could happen if I do this?
What about if I do this in Linux (say, Ubuntu)? Please note that I’m looking for details of specific risks (if any), not “it would be safer if you don’t do this”.
如果你有一个系统是最新的,安全性很好,有没有任何风险,从一个不受信任的USB驱动器,如果你只**和复制文件到它,但什么都不做?
答案
超级用户贡献者sylvainulg、steve和Zan Lynx为我们提供了答案。首先,sylvainulg:
Less impressively, your GUI file browser will typically explore files to create thumbnails. Any pdf-based, ttf-based, (insert Turing-capable file type here)-based exploit that works on your system could potentially be launched passively by dropping the file and waiting for it to be scanned by the thumbnail renderer. Most of the exploits I know about are for Windows though, but do not underestimate the updates for libjpeg.
接着是史蒂夫:
There are several security packages that allow me to set up an AutoRun script for either Linux OR Windows, automatically executing my malware as soon as you plug it in. It is best not to plug in devices that you do not trust!
Bear in mind, I can attach malicious software to pretty much any sort of executable that I want, and for pretty much any OS. With AutoRun disabled you SHOULD be safe, but AGAIN, I don’t trust devices that I am even the slightest bit skeptical about.
For an example of what can do this, check out The Social-Engineer Toolkit (SET).
The ONLY way to truly be safe is to boot up a live Linux distribution with your hard drive unplugged, mount the USB drive, and take a look. Other than that, you’re rolling the dice.
As suggested by others, it is a must that you disable networking. It doesn’t help if your hard drive is safe and your whole network gets compromised.
我们最后的答案来自山猫:
Another danger is that Linux will try to mount anything (joke suppressed here).
Some of the file system drivers are not bug free. Which means that a hacker could potentially find a bug in, say, squashfs, minix, befs, cramfs, or udf. Then the hacker could create a file system that exploits the bug to take over a Linux kernel and put that on a USB drive.
This could theoretically happen to Windows as well. A bug in the FAT, NTFS, CDFS, or UDF driver could open up Windows to a takeover.
从上面的答案可以看出,系统的安全性始终存在风险,但这将取决于谁(或什么人)访问了有问题的USB驱动器。
有什么要补充的解释吗?在评论中发出声音。想从其他精通技术的Stack Exchange用户那里了解更多答案吗?在这里查看完整的讨论主题。
