>Message: 1
>Date: Thu, 2 Oct 2025 12:12:17 +0200
>From: anonym <anonym@???>
>To: tails-dev@???
>Cc: jb@???
>Subject: Re: [Tails-dev] Wireless Vulnerability in All USB Memory
> Sticks
>Message-ID: <9b8435d0-27e1-447c-9939-ce17d09a2398@???>
>Content-Type: text/plain; charset=UTF-8; format=flowed
>
On 30/09/2025 18.57, David A. Wheeler via Tails-dev wrote:
>>> On Sep 30, 2025, at 9:35 AM, JOSEPH WILLIAM BAKER? via Tails-dev <tails-dev@???> wrote:
>>>
>>> Two department heads within a reclamation department of the US Department of Defense told me circa 2013 that SAP had discovered a wireless vulnerability in USB >memory sticks.
>
>Joseph, you said that "SAP had made the discovery public", so where can
>we read more about this claim?
>
>Otherwise, I have nothing to add to the great response from David A.
>Wheeler.
>
>Cheers!
Dear Anonym,
I could not find anything on the internet about SAP making the discovery public. I was told by the official that "The only reason I can tell you this is because SAP made it public." Then he proceeded to tell me about the wireless back door of the usb flash memory sticks. I can infer that the back door tech was a secret that could not be told... i.e. classified. But that he was saying the only reason he could tell me is because SAP had made it public. Let's search archive.org maybe? I have searched many times on the Internet and have not been able to find this. It's like a black hole on this information. Still, it might be interesting to ask SAP what their policies are regarding the use of USB memory sticks.
I was a systems administrator at Plug and Play Tech Center in Sunnyvale, California. We were renting a fully managed server to a 3rd party who was a contractor for this reclamation department for the DOD. He described the department's role as dealing with rusty old equipment the US Military would otherwise be leaving as waste.
We need people with wireless detective skills, and xray or thermal microscopic interrogation of the circuits to identify added circuitry installed at the fabrication facility which was not a part of the original design. Perhaps simulators of the circuits could show what the thermal footprint should look like and it could be compared to the actual fabricated device. I know there are programmable radios that can detect typical RF signals. Perhaps these could be employed to observe the wireless spectrum surrounding an active USB flash drive.
I cannot say whether an NVME host adapter instead of the flash drives would make any difference.
I presume the info has been squelched.
I'm just passing it on. Because I used to be very security conscious and I'd run linux from flash memory sticks mostly to practice best practices. Then I had to live on the run for a while. I know this can mean life or death. Police in Bakersfield, California made an attempt to kill me. And I know journalists are counting on the best practices to be shown to them.
I did post the original message I sent to the list here at my web site:
https://josephwilliambaker.com/usb-flash-drive-remote-vulnerability/
If you'd like me to make a video and swear under penalty of perjury I'll gladly do that on my youtube channel at
https://youtube.com/@remedyreport
Here I've recorded a video statement under penalty of perjury.
https://www.linkedin.com/video/live/urn:li:ugcPost:7379628842157543424/
I'm also on keybase as @foghorn
My linkedin page is
https://linkedin.com/in/remedyreport
I was on the leadership team of the Silicon Valley Bitcoin Meetup Group
https://www.meetup.com/silicon-valley-bitcoin-users/members/?op=leaders
David, what is your standard of evidence? I'll do the best I can to assert this claim because it basically shows us that what we thought were air gapped systems are vulnerable somehow through the memory stick.
Knowing this I removed the wifi card from my motherboard in the past when I was having difficulty with my live broadcasts.
Note: I still use memory sticks now and then but I have enjoyed running linux installers from a usb stick with the "TORAM" kernel option and then remove the stick during the install.
