by ojosilva 612 days ago
Just the fact that one can insert a USB drive into the air-gapped system amazes me. I remember my days as a contractor at NATO and nothing could be plugged into those machines!

I guess the problem is that most air-gapped guides and practices out there mostly focus on sucking the "air" out of computers: internet, networking, Bluetooth, etc. from the get-go ("remove the network card before starting!"). But even air-gapped systems need some sort of input/output, so a keyboard, mouse/trackpad, displays and monitors will be connected to it - all pretty much vectors for an attack; a base software will be installed (making supply-chain attacks possible); largely USB drives and even local networking may be present.

As a general rule, I'd say anything that executes code in a processor can be breached to execute malicious code somehow. Signing executables helps, but it's just another hoop to jump over. In fact, I thought the threat in OP was about a USB firmware issue, but alas, it was just an executable disguised with a folder icon that some user probably clicked on.

To make things worse, critical hardware (trains, power plants...) vendors' fondness for Windows is notorious. Just try to find *nix-compatible infrastructure hardware controllers at, say, a supplier like ABB, who (among many other things) makes hydroelectric power-plant turbines and controllers: https://library.abb.com/r?dkg=dkg_software - spoiler, everything is Windows-centric, and there are plenty of non-signed .EXEs for download on their website. This is true in many other critical industries. It's so common that it's scary these things could be compromised and the flood gates, literally, opened wide.