Can the act of plugging in a drive infect a computer

timeshifter

Can the act of plugging in a drive infect a computer?

In days gone by this seemed to be a real problem with AutoPlay and other Windows features. But it seems that Windows doesn't behave that way any more. I'm not worried too much if I've got a drive that may have some files that are infected in some way because I'm not going to run or click anything. But what are the modern risks of plugging in a compromised USB drive - just the act of plugging it in?

On my desktop I have AutoPlay set to "Take no action" for removable drives. "Choose a default" is currently selected for memory cards. Is that enough?
 
It's pretty uncommon nowadays due to Autorun not running by default. That being said, there are still some crafted attacks that use JPGs and BMPs to infect a computer when it reads the file to provide a preview thumbnail. The specially crafted file causes an overflow in explorer.exe. Even much of the overflow issue has been fixed/mitigated... but there is still some risk there.

Minimal risk.
 
As has already been emphasized, you have to look at what's probable, or even "kinda sorta" probable, rather than what's in the realm of possible but very remotely so.

The chance of an infection from connecting a drive these days falls into the very remotely possible realm unless someone's done something bone-headed like re-enabling autorun.
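
A read-only way to check whether AutoRun or AutoPlay has been re-enabled on a machine, as the posts above discuss. This is an added example, not part of any post in this thread; it assumes the standard Windows values `NoDriveTypeAutoRun` and `NoAutorun` under the Explorer policies key and the per-user `DisableAutoplay` value, and the function name is hypothetical.

```powershell
# Added example: read-only audit of the AutoRun/AutoPlay settings discussed in this thread.
# Drive-type bits of the NoDriveTypeAutoRun mask; a set bit disables AutoRun for that type.
$DriveTypes = @(
    @{ Bit = 0x04; Name = 'Removable drives' },
    @{ Bit = 0x08; Name = 'Fixed drives' },
    @{ Bit = 0x10; Name = 'Network drives' },
    @{ Bit = 0x20; Name = 'CD-ROM drives' }
)

function Get-AutoRunAudit {   # hypothetical helper name
    foreach ($hive in 'HKLM', 'HKCU') {
        $path  = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
        $mask  = if ($props) { $props.NoDriveTypeAutoRun } else { $null }
        # The value is sometimes stored as REG_BINARY; the first byte holds these bits.
        if ($mask -is [byte[]]) { $mask = $mask[0] }

        foreach ($t in $DriveTypes) {
            if ($null -eq $mask)        { $state = 'No policy set (OS default applies)' }
            elseif ($mask -band $t.Bit) { $state = 'AutoRun disabled by policy' }
            else                        { $state = 'AutoRun NOT disabled by policy' }
            [pscustomobject]@{ Scope = $hive; Setting = $t.Name; State = $state }
        }

        # NoAutorun = 1 tells Explorer not to execute autorun commands at all.
        $noAutorun = if ($props) { $props.NoAutorun } else { $null }
        if ($null -eq $noAutorun) { $state = 'Not set' } else { $state = "Value $noAutorun" }
        [pscustomobject]@{ Scope = $hive; Setting = 'NoAutorun'; State = $state }
    }

    # Per-user master switch behind "Use AutoPlay for all media and devices".
    $apPath = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers'
    $ap     = Get-ItemProperty -Path $apPath -ErrorAction SilentlyContinue
    if ($ap -and $ap.DisableAutoplay -eq 1) { $state = 'AutoPlay turned off for this user' }
    else                                    { $state = 'AutoPlay on (per-media choices apply)' }
    [pscustomobject]@{ Scope = 'HKCU'; Setting = 'DisableAutoplay'; State = $state }
}

Get-AutoRunAudit | Format-Table -AutoSize
```

The script only reads the registry. It does not inspect the per-media choices such as "Take no action", which are set separately in the AutoPlay settings page.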
 
That's a bit of a different animal... the USB Rubber Ducky/BadUSB implement emulates a keyboard in HID... a hard drive would not be able to do that. But ya, thumb drives are harder to trust than SATA because of possible HID/other USB device emulation.
Yeah I was just throwing out there that sometimes it's not a great idea to plug in random things to your machine.

The SATA risks are still present, but that's also why my recovery unit is an old G series dual core, because those old platforms didn't have the smart flash-able controllers. Still, while this stuff is possible it's VERY rare. I haven't seen any examples of it in the wild aside from stuff like I linked above where it's being done in the name of research.

Which means the compromised device is being created to target a specific individual. I don't own enough for someone to come after me that way. I do have some clients that might... but even then that's a stretch.
 
Which is my central point earlier. You can't make rational decisions without an accurate and rational risk assessment. "In the wild," as you've put it, the probability of something like this is so close to zero as to not be worth general consideration.

It's probably about as likely as my being killed by a meteorite while sitting here in my den typing this message. I'd have to be mentally ill were I constantly worrying about such a remote possibility. Any accurate risk assessment precludes any worry about it at all.
 