
Security risks connecting USB drive with Workstation?


#1

In reviewing security documentation I’ve seen reference to these 2 security issues with using a USB drive with Workstation:

  1. serial number may leak into Whonix environment.
  2. attacker could remotely flash the drive.

Could anyone elaborate on these risks by answering any of these questions:

-what are the possible bad results if the USB drive’s serial number is exposed in Whonix? How could that lead to de-anonymization?
-I’m not sure what “flashing” is. What could be the bad results of an attacker flashing the USB drive while connected to Whonix?
-do you have to be de-anonymized before these USB problems could occur?
-does tunneling Whonix through a VPN reduce the risk of these USB vulnerabilities?

Thanks.


#2

Lidecker78:

-what are the possible bad results if the USB drive’s serial number
is exposed in Whonix? How could that lead to de-anonymization?

Yes, if these serial numbers are stored somewhere else also. They
could be limited to a specific geographical area. Or they might even
have a trail to who sold it. And the seller might have a trail to whom
it was sold.

-I’m not sure what “flashing” is. What could be the bad results of
an attacker flashing the USB drive while connected to Whonix?

Flashing means overwriting the firmware. Which is, simply put, like
the operating system running on a device. On the USB stack in this
case. Malware could be flashed on the firmware while the USB is still
functional. Once reconnecting the USB to the host

-do you have to be de-anonymized before these USB problems could
occur?

In most cases, the VM needs to be already compromised.

Reading USB serials through non-code exploration level exploits, bugs
or new fancy [browser or similar] features is also thinkable. [Like
WebRTC allows reading the user's local IP address.]

-does tunneling Whonix through a VPN reduce the risk of these USB
vulnerabilities?

No.
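
A check for the serial-number exposure discussed in this thread, as an added example that is not part of the original posts: run inside a Linux guest, it lists every USB device the kernel exposes through sysfs and flags those whose serial string is readable there. The function names and output format are assumptions of this example.

```python
"""List USB identifiers visible to this (guest) system via Linux sysfs."""
import sys
from pathlib import Path

# Attributes Linux exposes per USB device under /sys/bus/usb/devices/<dev>/
ATTRS = ("idVendor", "idProduct", "manufacturer", "product", "serial")


def read_attr(dev_dir, name):
    """Return the stripped attribute value, or None if absent/unreadable."""
    try:
        return (dev_dir / name).read_text(errors="replace").strip() or None
    except OSError:
        return None


def visible_usb_devices(sysfs_root="/sys/bus/usb/devices"):
    """Return one dict per USB device found under sysfs_root, sorted by bus path."""
    root = Path(sysfs_root)
    if not root.is_dir():
        return []
    devices = []
    for dev_dir in sorted(root.iterdir()):
        # Interface entries such as "1-1:1.0" carry no device descriptors.
        if ":" in dev_dir.name:
            continue
        info = {a: read_attr(dev_dir, a) for a in ATTRS}
        if info["idVendor"] is None:
            continue
        info["path"] = dev_dir.name
        devices.append(info)
    return devices


def with_serial(devices):
    """Devices whose serial string is readable from this system."""
    return [d for d in devices if d["serial"]]


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "/sys/bus/usb/devices"
    found = visible_usb_devices(root)
    for d in found:
        flag = "SERIAL VISIBLE" if d["serial"] else "no serial"
        print(f'{d["path"]}: {d["idVendor"]}:{d["idProduct"]} '
              f'{d["product"] or "?"} [{flag}] {d["serial"] or ""}')
    print(f"{len(with_serial(found))} of {len(found)} devices expose a serial")
```

Running it before and after attaching a drive to the VM shows which identifiers the guest gains access to.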