I have this USB key which I forgot at a friends house. It's contents is entirely encrypted using Truecrypt 7.1a. Now I have it back and am getting a bit paranoid. This friend is alright but you should never trust the devil in anyone right. This friend is mac-based and quite the nerd. He brags about how he hacks iphones and tablets. And even how he spies on his girlfriends iphone. He shows her all these tricks he can do like getting back pictures she thought she deleted or getting access to her pin-guarded phone. My question is, can my USB stick somehow been comprimised. Like it could autimatically install spyware on my laptop now once I plug it in?
Scroll down to the no. 2 section in this article: https://itstillworks.com/remove-flash-drive-security-6142470.html . Haven't tried it myself but to answer your question of if comprise is possible, the answer is yes if the device is in the physical possession of a hacker.
I don't understand what it means. TC cannot remove my password if it does not know my password.. What I'm worried about is if were possible to install software on my truecrypted usb to do funky things on my laptop. I know that truecrypt reserves special places on a physical disk/partition for the header or something.
If you don't run anything from it (unknown exe that is placed on USB drive ) you don't have to worry. I somehow doubt that he would temper USB firmware and try to compromise your system on that level.
Yes, there are USB sticks that do exactly what you said. Some of them install software that pretend to be a keyboard driver as an example.
We haven't heard back from the OP in almost a year. USB's are dirt cheap. I would mount a machine in RAM using Debian/any linux flavor and then open the USB vault using VeraCrypt in TC mode (simple stuff). Capture the data to write to a new USB and destroy the original flash drive. When you shut down the RAM OS any cra* in RAM will disappear completely, just in case. Its is very unlikely your friend would really be able to accomplish what this thread addresses, but that "mouth" of his would make me burn the flash drive. My .02 We have had to deal with the USB weakness this thread addresses in the crypto community for some time now. At 12K a coin the adversaries get creative.