Two department heads within a reclamation department of the US Department of Defense told me circa 2013 that SAP had discovered a wireless vulnerability in USB memory sticks.
I know you guys lean heavily on using USB memory sticks to boot your live Linux distribution, thinking it's safe from spying, but nothing could be further from the truth.
I recommend instead using a live DVD with the kernel option TORAM used to load your OS. Then figure out a way to mount your storage over the network from somewhere else. Perhaps with a RAM drive overlay.
I remember a Wi-Fi card back around 2007 that had a vulnerability that allowed remote access to the whole motherboard - no matter the OS or driver. There is every reason to suspect that the sort of back door we are talking about here could have such wide access.
These are undocumented wireless methodologies as far as I know.
The officers told me this was how the US Government caused the Iranian uranium enrichment machines to spin to speeds far above the speeds they were supposed to spin at. These supposedly "air-gapped" machines were using USB flash drives. They went on to say the only reason they could tell me was because SAP had made the discovery public so it was no longer classified information.
The DOD does not allow USB flash drives on its networks. It might be advisable to follow their policies for data management.
I told Bob Stanley of FreeOS about this circa 2018 in Acapulco, Mexico, and he wanted me to not talk about it. FreeOS was re-branding Tails and making a privacy-centric tool and economic infrastructure around the DASH cryptocurrency.
I've continued posting about this from time to time, sharing this information with those whom I felt it important to share with. I told some people in the Bitcoin Meetup of Silicon Valley where I was a co-organizer.
Regards,
Joseph William Baker®
https://JosephWilliamBaker.com