TR Forums

With the increasing prevalence of USB drives as an attack vector, I again wonder why there are barely any USB flash drives and external HDD enclosures with a physical write-protect switch. A simple concept that existed on all media 20-30 years ago practically disappeared. Any idea why?

There are a few USB and USB-HDD write blocking adapters, but it's probably partial protection, and it's not cheap or comfortable.

I think the concept vanished because we now have file systems and software that can do what the little plastic tabs used to do, free of charge and far more intelligently.

I.e., the NSA wants to be able to modify USB controller firmware, or at least try Autorun vulnerabilities?

Hmm. I wonder if anyone makes a USB condom variant that allows data to be read but not written. The common version cuts data entirely and allows only power, for charging.

Yes, but they're not that cheap, and I suspect it's not a perfect solution because there must be write-related commands/communication methods the adapter is unaware of.

It's better if it's part of the actual writing device, as the firmware authors are in full control and know all they need to know.

meerkt wrote:

there must be write-related commands/communication methods the adapter is unaware of.

USB is an open standard, so I have to doubt this statement.

No one forces you to use standard USB classes for communication, and even within defined USB classes you have provisions for custom stuff.

meerkt wrote:

With the increasing prevalence of USB drives as an attack vector, I again wonder where there are barely any USB flash drives and external HDD enclosures with a physical write-protect switch. A simple concept that existed on all media 20-30 years ago practically disappeared. Any idea why?

Because scotch tape and the Internet both exist.

bthylafh wrote:

meerkt wrote:

there must be write-related commands/communication methods the adapter is unaware of.

USB is an open standard, so I have to doubt this statement.

Malicious payloads in the USB firmware are a thing.

http://www.tripwire.com/state-of-securi ... anger-usb/
http://www.macobserver.com/tmo/article/ ... to-hackers

SD cards and SD-to-microSD adapters still have write-protect switches. However, are you absolutely sure there's no way around the write protection?

Wirko wrote:

SD cards and SD-to-microSD adapters still have write-protect switches. However, are you absolutely sure there's no way around the write protection?

If I remember correctly, those switches do nothing at all but signal to the host device that's accessing the SD card that it would be really, really nice if nothing got written today. It's entirely up to the host device whether it wants to honor the write-protect request, and it's easily circumvented in user software.

Wirko wrote:

SD cards and SD-to-microSD adapters still have write-protect switches. However, are you absolutely sure there's no way around the write protection?

Yeah, I was considering this for random transfers of data. I don't know if it's a hardware write protection. But in general I suspect it's a less reliable medium than plain UFDs, and it's not an alternative to external HDDs when you need real capacity.

Chrispy_ wrote:

I think the concept vanished because we now have file systems and software that can do what the little plastic tabs used to do, free of charge and far more intelligently.

If it's done in software, malware can defeat it. Also, anything implemented at the file system level won't protect you against accidentally doing any number of stupid things that operate below the file system level (drive image copy in the wrong direction, partitioning/formatting the wrong drive, etc.)