[tor-talk] USB Sticks for Tails -> CCCamp

Roman Mamedov rm at romanrm.net
Thu Jul 23 05:25:37 UTC 2015

On Wed, 22 Jul 2015 08:59:43 -0700
Apple Apple <djjdjdjdjdjdjd32 at gmail.com> wrote:

> On 22 Jul 2015 13:22, "Jacob Appelbaum" <jacob at appelbaum.net> wrote:
> > DVD drives are programmable computers until we find evidence
> > suggesting the opposite.
> And USB host controllers?

DVD drives really are; see for example [1] for information about DVD-RW
firmware modding and reflashing for NEC drives. Same as HDDs or SSDs.

USB host controllers by themselves are not known to have any reprogrammable
code, they are much simpler. If it's integrated into the motherboard, you will
just need to ensure it uses a free BIOS such as Coreboot.

However I have to wonder on what is your threat scenario that you cannot trust
a random anonymously bought off-the-shelf DVD drive. If the bootable OS
verifies signatures of files it loads from the disk, then it'd have to do a
rather sophisticated and specifically targeted for that OS "evil maid" attack.

[1] http://liggydee.cdfreaks.com/page/en/FAQ/

With respect,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20150723/8833f177/attachment.sig>

More information about the tor-talk mailing list