>“We investigate the anecdotal belief that end users will pick up and plug in USB flash drives they find by completing a controlled experiment in which we drop 297 flash drives on a large university campus. We find that the attack is effective with an estimated success rate of 45–98% and expeditious with the first drive connected in less than six minutes.”
I'd do that as well. See if there's something that might peak my interest, then format it and start using it as it would be mine. lol
Jaxon Scott
I'd plug it in. I'd start up a live Linux distro and see if there's anything on it I can use to identify the owner. If not, then I'd deliver it to lost and found.
Zachary Wood
I would plug it in as well. If its a shitty Chinese one that just pops open, I might have a look inside it first for shits and giggles before plugging it in.
Gavin Wood
yes, and? they're college students, they dont have a vested interest in the school's property most were probably opened on junker school PCs, not their personal drives
Caleb Bennett
Luckily I use Qubes and my USB arbitration VM would be all that'd get infected.
Aiden Baker
Naughty USB! BadUSB!
Anthony Sanchez
Academic papers are the worst. They can take an interesting topic like this one and make it so dull.
Camden Gonzalez
Your life makes me feel sad
Michael Reed
What the fuck did I just read
Evan Davis
Opening it is the best thing to do. Even if you wanted to give it to the owner, there is a huge chance, being in the campus, it contains some signed school work which will lead you to the owner.
Mason Parker
>not having a noexec flac when mounting external devices by default kys
Jordan Watson
I plug it in to check if the owner has his details on a txt file in there or something, and if not then I take it to the lost and found so he can come pick it up.
Nicholas Baker
how to make nerve gas. You are now on several government watchlists
Wyatt Young
What? You mean malware? I have disabled autorun in WIndows.
Owen Gomez
Even though I know the risks, I still would open it too
If I was on college campus I would just open it on a college owned PC
Justin Murphy
Hi
Evan Sullivan
BadUSB doesn't need Autorun to execute. It's in the firmware of the drive.
I'm not even entirely sure if plugging into a *nix machine is safe. I do remember reading that there should be some suspect signs of it in dmesg.
Kayden Green
...
Matthew Peterson
Oh, well. That's just a study, it's not like some 1337 h4x0r is going to strategically place a bad USB stick for me to take.
Aiden Green
>24 bit
Camden Carter
I could've told you that without throwing 300 flash drives on the ground
Aiden Harris
What about it?
Sebastian Brown
Sure, they're just going to install BadUSB on the majority of USB sticks being produced in China.
Charles Davis
What does this do? Is this cheese pizza?
Connor Anderson
Ha. I have arch installed and I'd just plug it in as well since I never managed to get usb working anyways.
Luis Rogers
ROFLOL , failures.
Nolan Clark
sudo mount /dev/sdx /mnt/usb
Nathan Gonzalez
Pretty obviously going to be instructions on how to create a handgun, I expect via 3d printing
Xavier Jackson
WTF,how can so much data be stored in one sub 2mb file?
For any of you wondering its a collection of legal pics of some japanese woman which ive seen posted on /s/ and a lot of other places on 4ch Its alot of softcore shit,like ALOT
pic related,just one of the amazing amount of pics stored in thin thing
Ian Long
>"accidentally" dropped pic related >Teacher takes it >Class is dismissed for a semester
Joshua Clark
That's a nice way to waste thousands of dollars in tuition the students paid
David Brooks
I'm contacting the CIA as we speak
Jackson Price
>Living in america
Logan Young
>peak my interest Not quite
Jacob Davis
I'd be too curious not to plug it in. I'd most likely just not mount it and instead pass the full block device to my virtual machine then mount it in there.
Jaxon Scott
I didn't see any pics in it, just a gun guide
Austin Long
>peak my interest kek
Kevin Johnson
>follows instructions a picture he found on Sup Forums without hesitation >has archives on his computer he doesn't remember downloading >uses Windows
Thank you for your contribution. We'll make sure your computing power is put to good use.
Jacob Nguyen
Can youz explainz the ish? Dost thou maketh thine computational organ hitherto a bot?
Julian King
The attack works on any OS because it's the usb controller (pic related) firmware that's the problem. You could flash the usb controller with firmware that detects the OS and downloads the appropriate malware binary for any OS from your c&c server. It works on anything with a usb controller really, so long as you have the time and patience to reverse engineer the manufactures firmware. Modifying firmware for every chip would be a mammoth task but I wouldn't be surprised if NSA has done it already.
Adrian Gomez
does anyone have the one that actually contains the liberator
Tyler Hill
>the students paid
Daddy, the loaning agency, and the taxpayer, not the student.
Andrew Moore
Yeah and we should tax the rich more because they have money too right
Chase Price
I did this. Contains the files for the Liberator
Ian Hill
plug it into my laptop. I really don't care if my laptop OS gets borked. I once found a random USB stick and it had the owners name on it. I even got a thank you for returning it.
Samuel King
Is there a reliable way to check if a flash drive is a usb-killer? Like a device you can build that has a USB port and it either fries or not?
Nathan Gray
>45–98% That's a wide margin
Isaiah Brown
Dont know, but I'm pretty sure just by opening one, you could see whether or not this is a normal flash disk.
Logan Perry
>Femanon >Peak
Angel Flores
>implying Sup Forums knows what a USB pen is supposed to look like
kekkirikek
Anthony Flores
I'd open it in one of my test machines or someone else's machine. Never my main computers.
Christian Cruz
Is there some sort of USB surge protector you can get to plug in random USB drives like this without running your ports?
Modded drives are the only real issue, because if I'm running Linux 99.9% of malicious drives aren't going to be targeting my OS.
Before someone says "just dont plug any USB drives in you find", if you find a drive it most likely belongs to someone and viewing the files on it could help you return it, so that's not really a solution either.
Camden Bailey
Achievement unlocked
Jack Edwards
Might be nudes on there Let's be honest everybody who picked one up was thinking that
Dylan Peterson
Is there any issue with dount a casual mount /dev/sdb1 on linux?
Or is this just a windows thing?
Jaxon Morgan
>dount a casual mount que?
Eli Gutierrez
why not just mount it as read-only?
Robert Martin
What is it about stuff like this that is so intriguing to read?
Ryan James
Because BadUSB doesn't care about how you mount it. You're infected as soon as you plug it in as long as your computer has a USB controller chip and it's powered on