• @[email protected]
    0
    1 month ago

    I mean, therein lies the problem. If you remove mass storage devices but allow CDs, then that’s just a different attack vector to exploit. You could potentially make it so there is no way to interface with any kind of storage, but then when someone finds a way to break things open with a HID device, you now have no practical way to fix the issue (plus working with the machine will be a nightmare).

    • @[email protected]
      3
      1 month ago

      CDs have an advantage over USB drives in that they can’t actually secretly be USB HID devices like a fake keyboard or mouse that runs a bunch of commands when it plugs in. It’s only a storage device.

      A super secure environment might then lock down all USB devices to ones known by them and then epoxy all ports and devices.

    • @[email protected]
      2
      1 month ago

      No. This exploit worked because the medium is read-write. Once a disc is finalized, it cannot be written to. You can’t exfiltrate data via the CD.

      I’m sure there’s some modified CD burner out there that can write to a finalized disc, but this would only work where the air-gapped machine supports it, and also even has a drive that can write.

      • @[email protected]
        1
        1 month ago

        Unless it’s a rewritable CD, or the CD is the first step in a chain of exploits that allows write access on the USB ports used for peripherals so that an inside person could get away with a USB key or modified keyboard, or something else we can’t conceptualize but some group of well-funded state actors can.
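The idea raised earlier in the thread of locking USB down to known devices, as an added example that is not part of the thread: a Python audit that parses a listing in the format of Linux's `/sys/kernel/debug/usb/devices` and reports devices that are off an allowlist or that expose interface classes beyond the approved ones (such as a "storage" stick that also presents a HID interface). The vendor/product IDs, the allowlist and the sample listing are constructed assumptions.

```python
import re

HID, STORAGE = 0x03, 0x08  # USB interface class codes

# Assumed site policy: (vendor, product) -> interface classes approved for it.
ALLOWLIST = {("aaaa", "0001"): {HID}}  # constructed ID for an approved keyboard

# Constructed sample, trimmed to the T:, P: and I: lines of the kernel listing.
SAMPLE = """\
T:  Bus=01 Lev=01 Prnt=01 Port=00 Cnt=01 Dev#=  2 Spd=1.5  MxCh= 0
P:  Vendor=aaaa ProdID=0001 Rev= 1.20
I:* If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid
T:  Bus=01 Lev=01 Prnt=01 Port=01 Cnt=02 Dev#=  3 Spd=480  MxCh= 0
P:  Vendor=bbbb ProdID=0002 Rev= 1.00
I:* If#= 0 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
T:  Bus=01 Lev=01 Prnt=01 Port=02 Cnt=03 Dev#=  4 Spd=480  MxCh= 0
P:  Vendor=aaaa ProdID=0001 Rev= 1.20
I:* If#= 0 Alt= 0 #EPs= 1 Cls=03(HID  ) Sub=01 Prot=01 Driver=usbhid
I:* If#= 1 Alt= 0 #EPs= 2 Cls=08(stor.) Sub=06 Prot=50 Driver=usb-storage
"""

def parse_devices(text):
    """Return one record per device: its (vendor, product) ID and interface classes."""
    devices = []
    for line in text.splitlines():
        if line.startswith("T:"):          # a T: line opens a new device record
            devices.append({"id": None, "classes": set()})
        elif line.startswith("P:") and devices:
            m = re.search(r"Vendor=([0-9a-f]{4})\s+ProdID=([0-9a-f]{4})", line)
            if m:
                devices[-1]["id"] = (m.group(1), m.group(2))
        elif line.startswith("I:") and devices:
            m = re.search(r"Cls=([0-9a-f]{2})", line)
            if m:
                devices[-1]["classes"].add(int(m.group(1), 16))
    return devices

def audit(text, allowlist=ALLOWLIST):
    """List (device_id, reason) for every device that violates the allowlist."""
    findings = []
    for dev in parse_devices(text):
        approved = allowlist.get(dev["id"])
        if approved is None:
            findings.append((dev["id"], "not on allowlist"))
        elif dev["classes"] - approved:
            # IDs are self-reported by the device, so also check what it exposes.
            extra = ", ".join(f"0x{c:02x}" for c in sorted(dev["classes"] - approved))
            findings.append((dev["id"], "unapproved interface classes: " + extra))
    return findings

if __name__ == "__main__":
    for dev_id, reason in audit(SAMPLE):
        print(":".join(dev_id), reason)
```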