
Protect myself if I need to use a pendrive belonging to unknown people



We know that Malwarebytes does not scan external disks (at least for the moment).

How can I protect myself if I have to connect a third-party pendrive/disk whose reliability I am not sure of, or one belonging to complete strangers?

Thanks to those who want to clarify my ideas.


  • Staff

Currently, there really haven't been any USB-based exploits on macOS, largely because macOS never supported autorunning a process from an external drive. Thus, there has never been any case to my knowledge where a Mac was infected by connecting a USB drive.

That's not to say it's impossible, of course. There was, at one point, an exploit that could use the Thunderbolt port to modify the firmware:

https://trmm.net/Thunderstrike

This was purely theoretical, with the exception of an NSA exploit that was leaked that appeared to use this technique. And this did not involve USB.

It's highly unlikely that you'd get infected just by connecting a standard USB flash drive. The only known exceptions would be USB drives with specific hardware added, such as a USB Kill device (which fries any device it's connected to) or something like a Rubber Ducky, which acts like a keyboard and injects commands via keystrokes (which is extremely obvious if you're sitting in front of the computer when you insert the drive).


So, at the moment, is there no possibility of being infected by documents of various types (Office, PDF or other)?

(Obviously I would never open a .pkg, .dmg or .app, except that such files may exist in disguised form, an eventuality that would lead to an unwitting action.)

Thanks again


  • Staff

For PDF files, not if you're opening them with Preview... there are no known exploits for that.

Office files can contain macros, and although recent versions of Office enforce a sandbox on macros, there are some known sandbox escapes. If you allow macros in Office documents to run, then it's possible you could get infected... so, just don't let macros run. :)

Unless you open an app or other executable file of some kind, you should be fine, and in such a case, macOS should block them if they're not signed, and recent versions of Malwarebytes will block them if they're signed with a known bad code signature ("known bad" there being a more extensive list than what Apple considers to be bad :) ).

Again, though, I'd caution that there's always the chance of some new, previously-unknown exploit, so this advice cannot be considered to be 100% valid... but unless something changes, or you're the target of nation-state adversaries, you should be fine if you're careful.

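Added example, not part of the original thread: a content-based triage of a mounted drive that flags executables, installers and disk images by their file signatures rather than their names (covering the "disguised" case asked about above) and Office files that carry macros. The function names `classify` and `triage` and the extension list are assumptions made for this sketch.

```python
import os
import zipfile

# Mach-O magics (thin and fat); the fat magic is shared with Java class files.
MACHO = {b"\xfe\xed\xfa\xce", b"\xfe\xed\xfa\xcf", b"\xce\xfa\xed\xfe",
         b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}  # illustrative

def classify(path):
    """Label a file by content. 'executable:' means it runs or installs code when opened."""
    size = os.path.getsize(path)
    with open(path, "rb") as f:
        head = f.read(8)
        f.seek(max(size - 512, 0))  # UDIF disk images end with a 512-byte 'koly' trailer
        tail = f.read(4) if size >= 512 else b""
    if head[:4] in MACHO:
        return "executable: Mach-O binary"
    if head[:2] == b"#!":
        return "executable: script"
    if head[:4] == b"xar!":
        return "executable: installer package"
    if tail == b"koly":
        return "executable: disk image"
    if head == b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1":  # OLE2 container (.doc/.xls/.ppt)
        return "document: legacy Office format, may carry macros"
    if head[:4] == b"PK\x03\x04" and zipfile.is_zipfile(path):
        with zipfile.ZipFile(path) as z:
            if any(n.endswith("vbaProject.bin") for n in z.namelist()):
                return "document: Office file with VBA macros"
    return None

def triage(root):
    """Map relative path -> finding for every item under root worth a second look."""
    findings = {}
    for dirpath, dirnames, filenames in os.walk(root):
        for d in [d for d in dirnames if d.endswith(".app")]:
            findings[os.path.relpath(os.path.join(dirpath, d), root)] = "executable: app bundle"
            dirnames.remove(d)  # report the bundle once, do not descend into it
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                kind = None if os.path.islink(path) else classify(path)
            except (OSError, zipfile.BadZipFile):
                kind = "unreadable"
            if kind and kind.startswith("executable") and \
                    os.path.splitext(name)[1].lower() in DOC_EXTS:
                kind += " (disguised by extension)"
            if kind:
                findings[os.path.relpath(path, root)] = kind
    return findings
```

Call `triage()` with the drive's mount point under /Volumes; it only reads file headers and archive listings and opens nothing in an application.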
