Attacking an offline system
Peter Lebbing
peter at digitalbrains.com
Fri Sep 13 11:08:16 CEST 2013
On 12/09/13 22:03, NdK wrote:
> Nope. W/ Vinculum module you send it commands like "open mickey.txt" and
> then "read 1024". The filesystem driver is in the module and your interface
> only receives expected data.
I hadn't looked at the Vinculum module[1]; that would indeed be a way to remove
the filesystem from the equation, although you will end up writing something
similar to a filesystem driver for the PC which might itself be exploitable.
You can reduce the complexity of the software, but you can't eliminate some form
of driver. And I certainly wouldn't trust the module to give me only expected
data :). You've only moved the complexity of the USB stack to the module, it
needs to be regarded exploitable.
> You really should define your "security perimeter".
You mean threat model? I completely agree. All my contributions are just musings
about things I notice while reading other people's contributions. I'm not
contemplating actually doing any of this. If you seriously consider doing this,
you need to formulate a good threat model.
I use a USB stick to transfer stuff.
HTH,
Peter.
[1] I was just thinking in general terms of bridging USB mass storage to a
serial port through some driver.
--
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>
More information about the Gnupg-users
mailing list