Are USB flash drive firmware viruses a thing?
June 30, 2017 12:31 PM   Subscribe

I recently ordered a cool USB flash drive through Etsy. I just started trying to research how to make sure it's not carrying some kind of malware, but it looks like that kind of thing would be in the firmware, and I'm not sure how to handle it.

It's basically a generic 8 GB drive put into a cool casing. Is there some way to check or overwrite the firmware of the drive?

(FWIW, the seller is in Latvia, which seems like an awesome country -- with a serious cohort of Etsy sellers).

Alternatively, is there some agency out there randomly sampling USB drives coming out of eastern Europe, and finding nothing malicious, so that I can be secure in the knowledge that there's essentially zero chance there's some kind of hidden malware on this drive?
posted by amtho to Computers & Internet (9 answers total) 1 user marked this as a favorite
Is there some way to check or overwrite the firmware of the drive?

Apparently, no to the first part and yes to the second part.

"The kind of compromise they're demonstrating is nearly impossible to counter without banning the sharing of USB devices or filling your port with superglue."
posted by The Pluto Gangsta at 12:40 PM on June 30, 2017

format it?
posted by patnok at 12:47 PM on June 30, 2017

format it?

The issue is that you have to mount the drive in order to format (or do anything to the drive) But, if the drive is carrying a payload, it's going to get deployed the nanosecond the drive hits the USB port.
posted by Thorzdad at 1:03 PM on June 30, 2017

format it?

I susspect that's why they're asking specifically about firmware.
posted by humboldt32 at 1:04 PM on June 30, 2017

This is slightly beyond firmware vulnerabilities... But gives me more than enough concern about plugging in strange USB devices:

"When plugged into a device, the USB Killer rapidly charges its capacitors from the USB power lines. When the device is charged, -200VDC is discharged over the data lines of the host device. This charge/discharge cycle is repeated many times per second, until the USB Killer is removed.

Simply put: used on unprotected equipment, the USB Killer instantly and permanently disables unprotected hardware."
posted by steinwald at 1:22 PM on June 30, 2017

You don't have to mount a drive to format it. Just be certain to turn off automount. If someone went through the considerable trouble of putting malware into the flash drive controller chip, then formatting would not fix it.

I wouldn't worry too much about it. If I were worried, I'd take the case off your Etsy purchase and put it on a drive I already owned.
posted by rdr at 7:05 PM on June 30, 2017

USB firmware malware hasn't reached the script kiddies yet, so I wouldn't worry about this, unless you've made an enemy of some nation's espionage bureau.

This is an attack that relies on subverting physical pieces of hardware, so the economic costs and incentives are only favorable to state sponsored actors.
posted by monotreme at 11:28 PM on June 30, 2017

My library and many others run software that locks them a bit, allows some changes, and when you log out, it reverts to the imaged state. Go test it at a library that has good IT support. (have worked at such a library, viruses are common, we were prepared pretty well.)
posted by theora55 at 12:45 PM on July 1, 2017

Yes, totally do worry about this! Google "USB firewall"
posted by at at 7:30 PM on July 3, 2017 [1 favorite]

« Older iPad Pro 10.5 inch vs 12.9 inch?   |   "Am I going to die?" "Probably not, but I wouldn't... Newer »
This thread is closed to new comments.