Can encrypted USB been comprimised?

Discussion in 'encryption problems' started by OldAmsXXXdam, Nov 17, 2018.

  1. OldAmsXXXdam

    OldAmsXXXdam Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    11
    I have this USB key which I forgot at a friends house. It's contents is entirely encrypted using Truecrypt 7.1a. Now I have it back and am getting a bit paranoid. This friend is alright but you should never trust the devil in anyone right. This friend is mac-based and quite the nerd. He brags about how he hacks iphones and tablets. And even how he spies on his girlfriends iphone. He shows her all these tricks he can do like getting back pictures she thought she deleted or getting access to her pin-guarded phone.

    My question is, can my USB stick somehow been comprimised. Like it could autimatically install spyware on my laptop now once I plug it in?
     
  2. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    7,546
    Location:
    U.S.A.
  3. OldAmsXXXdam

    OldAmsXXXdam Registered Member

    Joined:
    Dec 30, 2013
    Posts:
    11
    I don't understand what it means. TC cannot remove my password if it does not know my password..

    What I'm worried about is if were possible to install software on my truecrypted usb to do funky things on my laptop.

    I know that truecrypt reserves special places on a physical disk/partition for the header or something.
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    11,259
    Location:
    Here
    If you don't run anything from it (unknown exe that is placed on USB drive ) you don't have to worry. I somehow doubt that he would temper USB firmware and try to compromise your system on that level.
     
  5. DenisJohn

    DenisJohn Registered Member

    Joined:
    Jul 9, 2019
    Posts:
    2
    Location:
    Europe
    Yes, there are USB sticks that do exactly what you said. Some of them install software that pretend to be a keyboard driver as an example.
     
  6. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    2,150
    We haven't heard back from the OP in almost a year. USB's are dirt cheap. I would mount a machine in RAM using Debian/any linux flavor and then open the USB vault using VeraCrypt in TC mode (simple stuff). Capture the data to write to a new USB and destroy the original flash drive. When you shut down the RAM OS any cra* in RAM will disappear completely, just in case. Its is very unlikely your friend would really be able to accomplish what this thread addresses, but that "mouth" of his would make me burn the flash drive. My .02

    We have had to deal with the USB weakness this thread addresses in the crypto community for some time now. At 12K a coin the adversaries get creative.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.