Are there any open source USB sticks that guarantee to be not reflashable (cannot be used for BadUSB) attacks?
-
-
Replying to @i0n1c
@i0n1c USB Armory has no flash, only a uSD card, which you can verify/re-image on a trusted system. /cc@AndreaBarisani1 reply 4 retweets 10 likes -
Replying to @rootkovska
@i0n1c (cont) While one could argue the uSD internal uC flash(?) might be reflashed, that would require a 2 stage attack.@AndreaBarisani2 replies 0 retweets 0 likes -
Replying to @rootkovska
@i0n1c But beware you can still be owned by a malformed part table or fs meta, exploiting a kernel bug in dst machine.@AndreaBarisani1 reply 0 retweets 3 likes -
Replying to @rootkovska
@rootkovska@i0n1c one mitigation for that is raw device with just minimal header (size) + archive, requires some creative scripting though1 reply 0 retweets 0 likes -
Replying to @AndreaBarisani
@AndreaBarisani You'd need to ensure the target kernel doesn't try to parse this device in any "intelligent" way, might be tricky...@i0n1c2 replies 0 retweets 0 likes
@rootkovska @i0n1c indeed, we routinely audit all layers triggeres by plugging in a device on high security/safety systems...lots happen
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.