0

Can an infected USB infect my PC through sudo and/or home if it is under sudo (like cleaning it with sudo sgdisk --zap-all dev/sdb, sudo dd if=/dev/zero of=/dev/sdb, or even looking/changing partitions through parted and/or gparted)? For example, a theoretically infected or md5sum-mismatched Linux pendrive with malicious boot code that would automatically execute under booting the live USB?

RoundDuckMan
  • 662
  • Quite frankly, this would be more suitable question for security.stackexchange.com , but this does relate to Ubuntu as well. Need input from other high-rep users – Sergiy Kolodyazhnyy Feb 15 '16 at 22:00
  • Well it's Ubuntu-specific because I'm using Ubuntu, and there's one point of Ubuntu, "run software" is default for it in the removable settings for it, I think I've changed it to do nothing before I plugged in the USB, but still. – RoundDuckMan Feb 15 '16 at 22:03

1 Answers1

2

Highly doubtful. Linux doesn't have autorun feature like Windows does, so whatever is on USB drive is just data - passivelly stored, without any ability to act. With Ubuntu , USB drives get mounted automatically through Unity desktop's dbus methods to /media/USERNAME folder, file permissions being assumed as the current user and that's it.

There is however something known as udev rules, which are frequently used as sort-of autorun feature, for instance to run a specific script once a usb device is connected. This has to be set on your system, so in other words unless someone has tampered with your system first (either locally or remotely), there is no potential for malicious action from the USB itself.

Fabby
  • 34,259
Sergiy Kolodyazhnyy
  • 105,154
  • 20
  • 279
  • 497
  • Isn't by default though Ubuntu executes code? Though I do think I've changed that, but still. – RoundDuckMan Feb 15 '16 at 22:00
  • @RoundDuckMan What code you're referring to exactly ? Unless some form of script is set up in udev rules, I don't see what else could run. The only part being executed is Unity's dbus services that monitor for presence of USB media and automount it. That's all – Sergiy Kolodyazhnyy Feb 15 '16 at 22:02
  • Look into "removable media" in "about this computer" under the gear/power hybrid button, the one for shutting the system off and stuff like that. – RoundDuckMan Feb 15 '16 at 22:05
  • Yes, I see that. Thing about "software" is that it first would have to have executable permissions and second - USB drives are typically vfat filesystem , so they don't exactly recognize Unix permissions , therefore the way I see it, is that your system would really need to be targeted to get infected through USB. – Sergiy Kolodyazhnyy Feb 15 '16 at 22:19
  • "start boot-up binaries of other Linux Pendrives " ? You mean , you plug in USB drive and it boots it's own OS instead of yours ? Unlikely. First there is boot order set in BIOS , so unless you specify to boot USB first, then HDD, the computer will go to your OS first. – Sergiy Kolodyazhnyy Feb 15 '16 at 22:21
  • so you're saying that if it's vfat (fat32) it won't work, and if it doesn't have the permissions, it won't work? What about Linux boot-up binaries on a pendrive, especially one with dd used to load the ISO into the stick, will they automatically start since they typically start up when using the stick to boot up the OS, or is my already installed Ubuntu is smart enough to not bother with that? – RoundDuckMan Feb 15 '16 at 22:23
  • Look at this question , it's possible to make autorun work on USB , but it would have to have permissions, be ext4 filesystem. Everything that i just said – Sergiy Kolodyazhnyy Feb 15 '16 at 22:24
  • @RoundDuckMan I don't quite follow what dd and ISO you're talking about – Sergiy Kolodyazhnyy Feb 15 '16 at 22:25
  • A messed up a bit Linux Mint 17.2 pendrive from a Linux Mint 17.2 ISO(disc image). dd's a command line program that works like win32 disk imager. – RoundDuckMan Feb 15 '16 at 22:27
  • Let us continue this discussion in chat. – Sergiy Kolodyazhnyy Feb 15 '16 at 22:31