On Tue, Sep 21, 2021 at 06:37:41PM +0100, Tim Woodall wrote:
> A ransomware attack that exploits a zero day ssh vulnerability for
> example wouldn't be a complete disaster - this is only home usage - but
> it seems fairly trivial to create a 'worm' usb device using a pi. I
> haven't tested yet but with a blu-ray burner attached to the pi could
> write to disc once there's 25G written and then delete it.
> I'm slightly surprised someone hasn't done something like this already.

Because it's not actually easy to use such a thing. What would the pi
present itself as? A block device? Filesystems generally need to rewrite
specific blocks in order to work. You need to be able to access specific
objects. So maybe you expose the pi via CIFS or NFS or somesuch. Ok, but
files are often not written as one atomic operation, especially on
network filesystems. So you can't make the files completely immutable,
you need to be able to append to them while they're being written. So
what's your trigger condition to change from "appendable" to
"immutable"?

There are solutions for this, mostly in the compliance space, but
they're generally pretty niche.
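
One possible answer to the trigger question in the reply above, shown as an added example that is not part of the original thread: seal a file once it has gone unmodified for a quiescence window. The 300-second window, the function names and the use of `chmod` as a stand-in for a real immutability control (such as `chattr +i` or a storage-side retention lock) are assumptions made for illustration.

```python
import os
import stat
import tempfile
import time

IDLE_SECONDS = 300  # assumed quiescence window; must exceed the slowest writer's pauses


def seal_idle_files(root, idle_seconds=IDLE_SECONDS, now=None):
    """Seal regular files under root that have been idle for idle_seconds.

    Returns the sorted relative paths sealed on this pass.
    """
    now = time.time() if now is None else now
    sealed = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of root
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            mode = stat.S_IMODE(st.st_mode)
            if not mode & 0o222:
                continue  # already sealed on an earlier pass
            if now - st.st_mtime < idle_seconds:
                continue  # modified recently: treat as still "appendable"
            # Stand-in for the real immutability step (assumption, see lead-in).
            os.chmod(path, mode & ~0o222)
            sealed.append(os.path.relpath(path, root))
    return sorted(sealed)


def demo():
    """Constructed sample: one finished file, one still being appended to."""
    with tempfile.TemporaryDirectory() as root:
        now = time.time()
        for name, age in (("done.tar", 3600), ("inprogress.tar", 5)):
            path = os.path.join(root, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample data")
            os.utime(path, (now - age, now - age))
        first = seal_idle_files(root, now=now)
        # The writer goes quiet; ten minutes later the second file qualifies.
        second = seal_idle_files(root, now=now + 600)
        return first, second


if __name__ == "__main__":
    print(demo())
```

An idle timeout is a heuristic: a writer that stalls for longer than the window finds its file sealed while incomplete, which is the difficulty the reply describes.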