• quixotic120@lemmy.world
    27 days ago

    I mean, therein lies the problem. If you remove mass storage devices but allow CDs, then that’s just a different attack vector to exploit. You could potentially make it so there is no way to interface with any kind of storage, but then when someone finds a way to break things open with a HID device you now have no practical way to fix the issue (plus working with the machine will be a nightmare).

    • chaospatterns@lemmy.world
      27 days ago

      CDs have an advantage over USB drives in that they can’t actually secretly be USB HID devices like a fake keyboard or mouse that runs a bunch of commands when it plugs in. It’s only a storage device.

      A super secure environment might then lock down all USB devices to ones known by them and then epoxy all ports and devices.
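The "known devices only" lockdown mentioned in the comment above, sketched as an added example that is not part of the original thread: a policy check that blocks any USB device not on an allowlist, and also blocks an allowlisted storage stick that shows up with an extra HID (keyboard/mouse) interface. The allowlist entries, vendor/product IDs, serials and the `evaluate` helper are hypothetical; the device records are constructed sample data.

```python
# Added example: allowlist decision over USB device descriptors (constructed data).
# Interface class codes are the standard USB ones: 0x03 = HID, 0x08 = mass storage.
HID, MASS_STORAGE = 0x03, 0x08

# Hypothetical allowlist: (vendor id, product id, serial) -> interface classes
# that this specific device is expected to expose.
ALLOWLIST = {
    (0x1234, 0x0001, "KB-0001"): {HID},
    (0x1234, 0x0002, "MS-0042"): {MASS_STORAGE},
}

def evaluate(device):
    """Return (decision, reason) for a dict with vid, pid, serial, interfaces."""
    key = (device["vid"], device["pid"], device.get("serial"))
    allowed = ALLOWLIST.get(key)
    if allowed is None:
        return "block", "device not on allowlist"
    # A known ID is not enough: descriptors are self-reported, so also require
    # that the device exposes no interface class beyond what was registered.
    extra = set(device["interfaces"]) - allowed
    if extra:
        names = ", ".join(f"0x{c:02x}" for c in sorted(extra))
        return "block", f"unexpected interface class(es): {names}"
    return "allow", "matches allowlist entry"

# Constructed sample devices.
SAMPLES = {
    "known keyboard": {"vid": 0x1234, "pid": 0x0001, "serial": "KB-0001",
                       "interfaces": [HID]},
    "known stick": {"vid": 0x1234, "pid": 0x0002, "serial": "MS-0042",
                    "interfaces": [MASS_STORAGE]},
    "unknown stick": {"vid": 0xABCD, "pid": 0x0009, "serial": "X1",
                      "interfaces": [MASS_STORAGE]},
    # Same IDs as the known stick, but it also presents a HID interface.
    "stick with hidden HID": {"vid": 0x1234, "pid": 0x0002, "serial": "MS-0042",
                              "interfaces": [MASS_STORAGE, HID]},
}

if __name__ == "__main__":
    for name, dev in SAMPLES.items():
        decision, reason = evaluate(dev)
        print(f"{name:24} {decision:6} {reason}")
```

Because vendor ID, product ID and serial are all reported by the device itself, a check like this narrows what can attach but does not authenticate the hardware, which is why the comment pairs it with physically sealing the ports.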

    • catloaf@lemm.ee
      27 days ago

      No. This exploit worked because the medium is read-write. Once a disc is finalized, it cannot be written to. You can’t exfiltrate data via the CD.

      I’m sure there’s some modified CD burner out there that can write to a finalized disc, but this would only work where the air-gapped machine supports it, and also even has a drive that can write.