Can consumer devices with a pen drive port inject computer viruses?

  • Thread starter: Swamp Thing
  • Tags: Amplifier

Discussion Overview

The discussion revolves around the potential risks of injecting computer viruses through consumer devices with USB ports, specifically focusing on a portable voice amplifier that can connect to USB drives. Participants explore the implications of using such devices, particularly in relation to malware risks and data security when transferring files to a Raspberry Pi.

Discussion Character

  • Debate/contested
  • Exploratory
  • Technical explanation
  • Conceptual clarification

Main Points Raised

  • One participant raises concerns about the possibility of the voice amplifier running a Lite OS that could be a vector for malware when connecting a USB drive.
  • Another participant mentions the susceptibility of USB ports to keyboard attacks, where a malicious device could emulate a keyboard and issue commands once plugged in.
  • Some participants speculate on the likelihood of the device being infected before purchase, particularly if sourced from less reputable vendors.
  • There are suggestions to test USB drives for integrity before and after use to check for any unauthorized changes.
  • Participants discuss the potential for root kits to hide malware on USB drives, complicating detection efforts.
  • One participant proposes using an old phone to transfer files via Media Transfer Protocol (MTP) as a safer alternative to direct USB connections.
  • Concerns are raised about the risks associated with plugging in devices that may not be purely storage, such as phones, which could introduce additional vulnerabilities.
  • Some participants express skepticism about the overall risk, suggesting that using known, reputable USB drives mitigates concerns significantly.

Areas of Agreement / Disagreement

Participants express a range of views on the risks associated with USB devices, with some emphasizing the potential dangers and others downplaying them. There is no consensus on the level of risk or the effectiveness of proposed safety measures.

Contextual Notes

Participants acknowledge that the discussion involves uncertainty regarding the effectiveness of various safety measures and the potential for undetected malware. The reliability of different testing methods for USB drives is also questioned.

Who May Find This Useful

This discussion may be of interest to individuals concerned about data security, particularly those using consumer electronics with USB ports for file transfers, as well as those exploring the implications of malware risks in everyday technology.

Swamp Thing
I just bought one of these things...



described as a "Portable Rechargeable Mini Voice Amplifier for Teachers with Wired Microphone Headset and Waistband". (Not pasting the link here, but a search for the description should bring up similar generic items on Amazon). It's a box that comes with a Mic, allowing you to record and/or amplify your voice, and it can also work as a regular Bluetooth & MP3 player.

And, it has a USB port where you can connect a USB drive for recording, playing and transferring audio files.

But having just plugged in the drive, it occurred to me that this device does complex enough stuff that it might be running some kind of Lite OS that could be capable enough to be a vector for malware etc., including perhaps cross-platform baddies. So how likely is that, how much should one worry about this kind of vector?

I will be transferring files from the USB drive to a Raspberry Pi which I use for various experiments and for general web browsing, including reading Physics Forums, watching YouTube etc. It would be a pretty big nuisance if something bad were to happen to the Raspberry Pi's current OS installation and contents.
 
  • Informative
  • Wow
Likes   Reactions: davenn and Swamp Thing
jedishrfu said:
Any USB port is susceptible to the keyboard attack.

How would it play out in this case with the device from Amazon?

Let's assume for a moment that my USB storage (SanDisk branded) is genuine and free from bad stuff before I plug it into the audio box that I have just bought.

So now, the box's bad firmware would set up the USB storage to emulate a keyboard after it is plugged into my computer?
 
Some stuff on Amazon comes from small vendors in China as an example. Suppose it got infected there or was designed to only infect certain types of devices or copy a malware package onto your SanDisk stick, then you could wind up with a virus infection.

I think in your case, this is highly unlikely though. You could and should make a backup of your PI boot drive for this kind of scenario.
 
  • Informative
Likes   Reactions: Swamp Thing
As mentioned, yes it is possible. And I would be less concerned if the product came from a major manufacturer than some place in China or North Korea that I never heard of.

One could, I suppose test it by taking two identical USB drives, plug one in, and see if they are still identical. There is software for these kinds of comparisons, some of which is a little sketchy as well. (I went down this rabbit hole investigating a bad USB drive: the reported capacity was less than the actual capacity - once you filled it up to 25%, it stopped working)
 
  • Like
Likes   Reactions: jedishrfu
Vanadium 50 said:
One could, I suppose test it by taking two identical USB drives, plug one in, and see if they are still identical.

If I was a malware designer and a member of this forum, then at this moment I would be like ...
"Note to self: Don't write to the drive until something else is stored in it."
 
I said "identical". Not "empty".

Can this be a source of malware? Yes. Is it? Hard to tell, but there are red flags one can look for. Are there tests that can identify a malware-spewer? Yes. Are they accurate 100% of the time? No.

If you want an ironclad answer, you aren't going to get it. If you want a very good answer, the unit needs to go into a lab. If you are willing to accept "probably OK", buy from well-known brands and avoid sketchy brands or distribution channels.
 
Vanadium 50 said:
As mentioned, yes it is possible. And I would be less concerned if the product came from a major manufacturer than some place in China or North Korea that I never heard of.

One could, I suppose test it by taking two identical USB drives, plug one in, and see if they are still identical. There is software for these kinds of comparisons, some of which is a little sketchy as well. (I went down this rabbit hole investigating a bad USB drive: the reported capacity was less than the actual capacity - once you filled it up to 25%, it stopped working)
There was an external drive scam that my son ran into at college some years ago where he got a terabyte drive in an enclosure that could only hold 64GB because it was actually a USB stick inside the enclosure not a drive.
 
  • Like
Likes   Reactions: Vanadium 50
Root kits can hide files and directories easily by intercepting OS calls and only returning those files not in its protected list.
 
  • #10
jedishrfu said:
because it was actually a USB stick inside the enclosure not a drive.
I'm not even slightly surprised.

jedishrfu said:
Root kits can hide files and directories easily
Yes they can. See my "not 100%" comment.

There exist programs that read USB block-by-block and not file-by-file. That's helpful. You can also use a USB port on a non-Windows/non-x86 machine: say an ARM running Linux. Neither is perfect.

If the requirement is zero chance of infection, do what the US government does: fill the USB ports with glue. If that is too extreme, you need to decide what level of risk to accept.
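
Added example (not part of the thread): a block-level before/after check of the kind discussed in the posts above. It records a per-block SHA-256 manifest of a drive image before the drive goes into the untrusted device and lists the byte ranges that differ afterwards. The 4096-byte block size and the file name `stick.img` are assumptions, and the sample image is constructed.

```python
import hashlib

BLOCK = 4096  # comparison granularity in bytes (assumed value)

def make_manifest(path, block_size=BLOCK):
    """SHA-256 of every fixed-size block of a raw image (or a device node opened read-only)."""
    digests = []
    with open(path, "rb") as f:
        while chunk := f.read(block_size):
            digests.append(hashlib.sha256(chunk).hexdigest())
    return digests

def changed_blocks(before, after):
    """Indices whose digest differs, including blocks present in only one manifest."""
    longest = max(len(before), len(after))
    pad = lambda m: m + [None] * (longest - len(m))
    return [i for i, (x, y) in enumerate(zip(pad(before), pad(after))) if x != y]

def to_byte_ranges(indices, block_size=BLOCK):
    """Merge consecutive block indices into (start, end_exclusive) byte ranges."""
    ranges = []
    for i in indices:
        start = i * block_size
        if ranges and ranges[-1][1] == start:
            ranges[-1] = (ranges[-1][0], start + block_size)  # extend the current run
        else:
            ranges.append((start, start + block_size))
    return ranges

if __name__ == "__main__":
    import os, tempfile
    # Constructed stand-in for a drive image: 16 zeroed blocks, hashed before use.
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "stick.img")
        with open(img, "wb") as f:
            f.write(bytes(16 * BLOCK))
        before = make_manifest(img)
        # Simulate writes made while the drive was in the untrusted device:
        # one byte in block 0 (where a boot sector lives) and two data blocks.
        with open(img, "r+b") as f:
            f.write(b"\xeb")
            f.seek(5 * BLOCK)
            f.write(b"A" * (2 * BLOCK))
        after = make_manifest(img)
        for start, end in to_byte_ranges(changed_blocks(before, after)):
            print(f"changed bytes {start:#x}-{end:#x}")
```

A block read only sees what the drive's controller returns, so a clean comparison says nothing about the drive's own firmware. A device that records audio is also expected to change data blocks, so what matters is where the changes fall.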
 
  • #11
With respect to the USB keyboard hack, they said the hacker would salt a parking lot with these devices. An employee might see it and bring it to work to look for identifying info in the USB stick files only to actually infect their own computer and then the work network.

We were routinely reminded never to plug in USB devices we didn't know.

At one company where I once worked, we discovered a network machine had the NIMDA virus, and every time we attempted an install via the network, we got the virus, too. Eventually, we had to install via media to avoid network contamination.
 
  • #12
Vanadium 50 said:
If you are willing to accept "probably OK", buy from well-known brands and avoid sketchy brands or distribution channels.

The product in my original post is, of course, not a well known brand and it could well be sketchy.

As a matter of theoretical interest, how much extra safety would you say the following strategy might offer:
  • I have an oldish phone that I haven't been using.
  • I would delete all apps that it allows me to delete, in general bring it to a pristine condition.
  • Connect the USB drive to it via an OTG cable.
  • Copy the files to the device storage then unplug the OTG.
  • Connect the phone to my Raspberry Pi and use strictly only Media Transfer Protocol (MTP) to transfer the files to the Pi.
My impression is that MTP is pretty much sandboxed compared to conventional file transfer via USB (where the phone looks like a full fledged storage device).

Another option might be to create a Google account just for this purpose and upload to Google Drive from the phone.
 
  • #13
If I tell you "this is probably OK" and it is not, you will be sad. Since I don't know, I shouldn't guess.
 
  • #14
I'm going to stick my neck out here and say that providing you only plug in USB memory sticks from a known origin (i.e. you have purchased them yourself) you are worrying about nothing.

The attack vector mentioned in #2 is not a malicious file on an ordinary device, it is a malicious device - a computer that masquerades itself electronically as a keyboard and physically as a memory stick.

As long as you are not stupid enough to execute any program stored on a genuine USB storage device (either manually or by confirming any "do you want to run autorun" OS prompt or by copying it locally and then executing it), it cannot harm you.

Note that by plugging something that is not a memory stick (e.g. a phone) in you are actually creating a risk that does not otherwise exist (e.g. the phone may be root-kitted with keyboard emulation malware).

Don't do this.
 
  • Like
Likes   Reactions: davenn and Swamp Thing
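
Added example (not part of the thread): a check for the distinction drawn in the post above, listing which attached USB devices declare a keyboard-type (HID, class 03) interface and whether the same device also declares mass storage (class 08). It reads the Linux sysfs attribute `bInterfaceClass`; the directory tree used in the demo is constructed, and the function names are this example's own.

```python
import glob
import os

HID, MASS_STORAGE = "03", "08"  # USB interface class codes

def read_attr(path):
    """Return a sysfs attribute as lowercase text, or None if it cannot be read."""
    try:
        with open(path) as f:
            return f.read().strip().lower()
    except OSError:
        return None

def interface_classes(root="/sys/bus/usb/devices"):
    """Map each USB device name (e.g. '1-1.2') to the set of interface classes it declares."""
    devices = {}
    for iface in glob.glob(os.path.join(root, "*:*")):  # interface dirs look like '1-1.2:1.0'
        cls = read_attr(os.path.join(iface, "bInterfaceClass"))
        if cls is not None:
            dev = os.path.basename(iface).split(":")[0]
            devices.setdefault(dev, set()).add(cls)
    return devices

def hid_report(devices):
    """List (device, also_declares_storage) for every device that declares a HID interface."""
    return sorted((dev, MASS_STORAGE in classes)
                  for dev, classes in devices.items() if HID in classes)

if __name__ == "__main__":
    import tempfile
    # Constructed sysfs-like tree: a plain stick (1-1), a "stick" that also
    # declares HID (1-2), and an ordinary keyboard (1-3).
    sample = {"1-1:1.0": "08", "1-2:1.0": "08", "1-2:1.1": "03", "1-3:1.0": "03"}
    with tempfile.TemporaryDirectory() as root:
        for iface, cls in sample.items():
            os.makedirs(os.path.join(root, iface))
            with open(os.path.join(root, iface, "bInterfaceClass"), "w") as f:
                f.write(cls + "\n")
        for dev, with_storage in hid_report(interface_classes(root)):
            print(dev, "HID + mass storage" if with_storage else "HID only")
```

On a Raspberry Pi, calling `interface_classes()` with its default root reads the live device list. The result reflects only what each device declares at the moment it is read.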
  • #15
pbuk said:
I'm going to stick my neck out here and say that providing you only plug in USB memory sticks from a known origin (i.e. you have purchased them yourself) you are worrying about nothing.

The attack vector mentioned in #2 is not a malicious file on an ordinary device, it is a malicious device - a computer that masquerades itself electronically as a keyboard and physically as a memory stick.

As long as you are not stupid enough to execute any program stored on a genuine USB storage device (either manually or by confirming any "do you want to run autorun" OS prompt or by copying it locally and then executing it), it cannot harm you.

Note that by plugging something that is not a memory stick (e.g. a phone) in you are actually creating a risk that does not otherwise exist (e.g. the phone may be root-kitted with keyboard emulation malware).

Don't do this.

Couldn't have said it better myself, good words of wisdom
 
  • Like
Likes   Reactions: Swamp Thing
