In reviewing security documentation I’ve seen reference to these 2 security issues with using a USB drive with Workstation:
- serial number may leak into Whonix environment.
- attacker could remotely flash the drive.
Could anyone elaborate on these risks by answering any of these questions:
-what are the possible bad results if the USB drive’s serial number is exposed in Whonix? How could that lead to de-anonymization?
-I’m not sure what “flashing” is. What could be the bad results of an attacker flashing the USB drive while connected to Whonix?
-do you have to be de-anonymized before these USB problems could occur?
-does tunneling Whonix through a VPN reduce the risk of these USB vulnerabilities?
Thanks.