Watching your system and kernel logs seems appropriate.

On Linux:

    tail -f /var/log/kern.log /var/log/syslog

before inserting the device, then look at the output when inserting the USB device. Take care to keep watching for some minutes after plugging it in. When a USB device is plugged in, the logs show what kind of device is recognized. Required drivers will be loaded, if needed.

If a USB storage device is recognized as a network device, holding a full network, with UPnP servers which automatically send media... If a device triggers your system to load many different drivers, when it is only a simple storage device, this looks abnormal. If a device triggers your system to load only one driver, corresponding to the device's purpose, this looks fine (Note: a cheap mouse won't require a specific driver!! If it does, this could look suspicious).

You could even use lsusb before and after plugging in the USB device, then look for differences. (Do this in a second console, while watching your logs as previously recommended.)

    lsusb > lsusb-before.txt
    # Plug device
    lsusb | diff lsusb-before.txt -

About your cheap mouse: if you see two devices, one mouse and one data storage containing the mouse driver, this could be OK, but if the mouse won't work on your system and you decide to install the embedded driver, you do this at your own risk!!

All this seems very hard and expensive to create, and requires a strongly experienced programmer (or team)! Some murderers take seconds, others take minutes, some murderers take hours; now this murderer takes years!

But if you keep regular backups, saving syslogs too, and use read-only devices on critical hosts, with remote syslog, then at the time the malicious process begins, it will be logged anyway, and I think it will have a poor chance to harm a correctly protected system. You would have to be using a weak password (better for it if the malicious device already knows your password), or you would have to enable UPnP and accept automatic installation of drivers and networks.
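The two checks the answer above describes (watch which drivers the kernel binds when a device is plugged in, and diff lsusb before and after) can be turned into a small script. The following is an added example, not the answerer's own code: it classifies the kernel log lines of one plug event into driver classes (HID, mass storage, network, serial) and flags a device that loads more classes than its stated purpose needs, and it reduces the lsusb diff to the device IDs that appeared. The log lines, the lsusb listings and the vendor/product ID 1234:5678 in the "bad" sample are constructed samples, not real captures; the `--live` mode assumes `lsusb` and readable `dmesg` on the host and is not exercised by the samples.

```shell
#!/bin/sh
# Added example (not the answer's own code). Classify what a freshly plugged
# USB device made the kernel load and flag a device that binds more device
# classes than it should, e.g. a "mouse" that also registers as storage or as
# a network interface. All sample data below is constructed.

# usb_classes LOG: one line per driver class bound during the plug event in
# LOG, deduplicated and sorted. Matching is on the driver prefixes the kernel
# prints in kern.log/dmesg (usb-storage, hid-generic/input:, cdc_ether,
# rndis_host, cdc_ncm, cdc_acm).
usb_classes() {
    printf '%s\n' "$1" | awk '
        /usb-storage .*Mass Storage/                 { c["storage"] = 1; next }
        /hid-generic / || /input: /                  { c["hid"] = 1;     next }
        /cdc_ether |rndis_host |cdc_ncm |cdc_subset / { c["network"] = 1; next }
        /cdc_acm .*ttyACM/                           { c["serial"] = 1;  next }
        END { for (k in c) print k }
    ' | sort
}

# judge EXPECTED LOG: "ok" when the only class bound is EXPECTED, otherwise
# "SUSPICIOUS: ..." listing everything that was bound (exit status 1).
judge() {
    expected=$1
    got=$(usb_classes "$2" | tr '\n' ',' | sed 's/,$//')
    if [ -z "$got" ]; then
        echo "UNKNOWN: no driver bound"
        return 2
    fi
    if [ "$got" = "$expected" ]; then
        echo "ok: only $expected"
        return 0
    fi
    echo "SUSPICIOUS: expected $expected, got $got"
    return 1
}

# new_usb_ids BEFORE AFTER: lsusb entries present only in AFTER, compared on
# the "ID vvvv:pppp ..." part because bus/device numbers change on replug.
# This is the answer's `lsusb | diff lsusb-before.txt -` reduced to additions.
new_usb_ids() {
    b=$(mktemp) && a=$(mktemp) || return 1
    printf '%s\n' "$1" | sed 's/^Bus [0-9]* Device [0-9]*: //' | sort > "$b"
    printf '%s\n' "$2" | sed 's/^Bus [0-9]* Device [0-9]*: //' | sort > "$a"
    comm -13 "$b" "$a"
    rm -f "$b" "$a"
}

# Constructed sample: a plain mouse, only a HID interface.
MOUSE_LOG="usb 1-1: new low-speed USB device number 7 using xhci_hcd
usb 1-1: New USB device found, idVendor=046d, idProduct=c077, bcdDevice=72.00
input: Logitech USB Optical Mouse as /devices/pci0000:00/0000:00:14.0/usb1/1-1/1-1:1.0/0003:046D:C077.0004/input/input19
hid-generic 0003:046D:C077.0004: input,hidraw1: USB HID v1.11 Mouse [Logitech USB Optical Mouse] on usb-0000:00:14.0-1/input0"

# Constructed sample (ID 1234:5678 is made up): a "mouse" that also brings a
# mass-storage interface (the driver-shipping trick) and a CDC Ethernet
# interface (the rogue-network trick the answer warns about).
BAD_LOG="usb 1-2: new high-speed USB device number 8 using xhci_hcd
usb 1-2: New USB device found, idVendor=1234, idProduct=5678, bcdDevice= 1.00
input: Generic Mouse as /devices/pci0000:00/0000:00:14.0/usb1/1-2/1-2:1.0/0003:1234:5678.0005/input/input20
hid-generic 0003:1234:5678.0005: input,hidraw2: USB HID v1.11 Mouse [Generic Mouse] on usb-0000:00:14.0-2/input0
usb-storage 1-2:1.1: USB Mass Storage device detected
cdc_ether 1-2:1.2 usb0: register 'cdc_ether' at usb-0000:00:14.0-2, CDC Ethernet Device, 02:00:00:00:00:01"

# Constructed lsusb listings before and after plugging a thumb drive.
LSUSB_BEFORE="Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 046d:c077 Logitech, Inc. M105 Optical Mouse"
LSUSB_AFTER="Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 003: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
Bus 001 Device 009: ID 0951:1666 Kingston Technology DataTraveler 100 G3"

if [ "${1:-}" = "--live" ]; then
    # Live use (assumes lsusb and readable dmesg): sh usbcheck.sh --live hid
    before=$(lsusb)
    printf 'Plug the device now, then press Enter: '; read -r _
    sleep 5   # give the kernel time to probe every interface
    echo "New USB IDs:"; new_usb_ids "$before" "$(lsusb)"
    judge "${2:-storage}" "$(dmesg | tail -n 40)"   # rough window of recent lines
else
    judge hid "$MOUSE_LOG" || :
    judge hid "$BAD_LOG" || :
    new_usb_ids "$LSUSB_BEFORE" "$LSUSB_AFTER"
fi
```

Run without arguments it only evaluates the constructed samples; with `--live hid` (or `--live storage`) it takes a real lsusb snapshot, waits for you to plug the device, and judges the last 40 lines of dmesg, which is a rough window, so keep the `tail -f` of the answer running in the other console as well.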