rslade
Influencer II

USB fans at the Kim/Trump summit

So, apparently all the accredited journalists at the Trump/Kim summit are getting free USB fans.  You know, little fans that derive their power from your computer's USB port.

 

You know what a USB device can do when you stick it into your computer?

 

ANYTHING.

 

You know a better way for a regime that is known for trying to surveil and interfere with the free press (or two, or three: pick your favorite) to get a whole bunch of really high ranking reporters to install spyware or RATs on their devices?  And maybe infect machines back home, too?


............

Other posts: https://community.isc2.org/t5/forums/recentpostspage/user-id/1324864413

This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
5 Replies
chromsec
Viewer III

Giving up state secrets Vs feeling a bit sweaty.... tough decision 🙂

HTCPCP-TEA
Contributor I

Wow.

 

Considering the Nation in question has a (Media Perceived) history of paranoia, this is frankly hilarious.

 

I wonder if there is to be any issue to follow....

CISOScott
Community Champion

Hey it works at IT trade shows, why not on the global stage as well?

This is something I bring up to my employees all the time. What happens when you connect anything to the computer? You don't know, that's what. You just ASSUME it's only charging.

Flyslinger2
Community Champion

There may be a handful of media outlets, and I'm being generous in my prediction, that truly have a decent security policy in place.  A decent policy would include a Mobile Device Management (MDM) tool, the assumption that any and all tech used would be immediately destroyed when returned, and, while out of the U.S., strict usage of secure communications would be enforced, but it would also include the training for how to handle situations like this when gifts are involved.

 

Any "talent" that refused to cooperate with this policy is welcome to find a job elsewhere!

Beads
Advocate I

I can see the argument for not having any blocks on these computers should someone pass a USB drive full of clandestine information off to a reporter, use at your own risk. As well as having a computer like that screwed down to the floorboards. It's a tough call when you have information gatherers out in the field. Flexibility would be paramount but also highly quarantined when it comes back to the office for maint and repairs.

 

Now the real kicker would happen if some bad actor did place some sort of freaky malware on the drive. No self-respecting A/V vendor would turn down the chance to thoroughly inspect one of those devices in hopes of finding some weird outlier. The positive and negative press would be priceless to the org that outs the purveyor. Doubtful anyone would be that obtuse to try but doesn't rule out the supply chain attacks either.

 

The mischief is almost unlimited here and the plot line for a really good security theater novel/movie. 

 

(*snicker*)