Re: [Tails-dev] Hacking Team looking at Tails

Author: Peter N. Glaskowsky
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] Hacking Team looking at Tails
I can’t think of any obvious reason this shouldn’t be detectable. Attach a suspect USB stick, do not mount it, and compute secure hashes of the partitions.

If the Tails installer doesn’t reliably create consistent partitions, that’s something to consider fixing, if it can be fixed.

Even then, we could use an emulator to walk through the boot process on the suspect USB stick and see if any code gets executed that isn’t part of Tails.



> On Jul 13, 2015, at 1:24 AM, intrigeri <intrigeri@???> wrote:
>
> Hi,
>
> [redirecting this discussion to tails-dev@???, which is more
> suitable for this discussion => please drop tor-talk@ from the list of
> recipients when replying -- thanks!]
>
> I wrote (12 Jul 2015 13:06:15 GMT) :
>> https://wikileaks.org/hackingteam/emails/emailid/25607#efmBTaBTh
>
>> Below research points remain outstanding ...
>
>> VECTORS · Offline: [...]
>
>> by translate.google.com but obviously not precise but concerning nonetheless.
>
> I got a translation made by a native speaker who's skilled in this
> area, quoting it below with my notes+todo inline.
>
> $native_speaker wrote:
>> [EN] Below the feature that will be deployed for RCS10. The release is
>> expected for [... not sure what does it means ...] (October)
>
>> VECTORS:
>
>> Offline:
>> o   Infection of bootable usb keys from UEFI (Antonio)$ The infected usb
>>    key will drop (release) a scout itself.

>
> This seems to mean that a corrupted UEFI firmware would modify a Tails
> device plugged in the machine to infect it. To me it looks like it's
> part of "Tails can't protect against compromised hardware", modulo
> nitpicking wrt. whether firmware is software (which is correct
> strictly speaking), or a mere part of the computer hardware (which is
> also correct, from the PoV of a Tails system, as it's pre-existing to
> Tails starting). We have WIP to clarify our documentation in
> this respect.
>
>> o   Infecting USB device which appears to be a bootable disk (Antonio +
>>    Giovanni)§ It will drop (release) the scout, then it will run
>>    a wipe.

>
> Seems to be the same, but from a running and already infected
> non-Tails OS, when a Tails USB stick is plugged in it. That's more
> concerning. We should check if we're communicating clearly enough
> that:
>
> * the OS used to install or upgrade a Tails device can corrupt it
> * plugging one's Tails device in an untrusted OS is dangerous
>
>> o Infection of Tails USB (Antonio)$ The infection will occur at runtime
>
> This seems to mean a running Tails infecting its boot device.
> Totally unclear if they had any remote idea of how to implement that,
> back then. Not much we can do about it that is not on our hardening
> milestone already, I guess.
>
>> o New NTFS driver for UEFI infection (Antonio)
>> o Persistent infection also on OSX and signed UEFI (Antonio)
>
>> Network Injection:
>> o New set of external antennas for the TNI (Andrea)
>> o Creation of a mini-TNI (Andrea)$ transportable by a drone, without
>> any melting constraints
>> o Creation of a micro-TNI (Andrea)$ HW of a mobile $ It will have a
>> subset of the functionality
>
> Cheers,
> --
> intrigeri
> _______________________________________________
> Tails-dev mailing list
> Tails-dev@???
> https://mailman.boum.org/listinfo/tails-dev
> To unsubscribe from this list, send an empty email to Tails-dev-unsubscribe@???.
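
Added example, not part of the original message or of Tails' own code: a sketch of the check described at the top of this message, reading the raw device without mounting it and hashing each partition's byte range so a suspect stick can be compared with a reference. It assumes a GPT layout with 512-byte sectors; the function names and the constructed test image are hypothetical.

```python
import hashlib, struct

SECTOR = 512  # assumption: 512-byte logical sectors

def gpt_partitions(dev):
    """Return [(number, first_lba, last_lba)] for used GPT entries (CRCs not checked)."""
    dev.seek(SECTOR)  # GPT header is at LBA 1
    hdr = dev.read(92)
    if hdr[:8] != b"EFI PART":
        raise ValueError("no GPT header at LBA 1")
    (entries_lba,) = struct.unpack_from("<Q", hdr, 72)
    count, size = struct.unpack_from("<II", hdr, 80)
    dev.seek(entries_lba * SECTOR)
    table = dev.read(count * size)
    return [(i + 1, *struct.unpack_from("<QQ", table, i * size + 32))
            for i in range(count)
            if table[i * size:i * size + 16] != bytes(16)]  # zero type GUID = unused

def hash_partitions(dev):
    """Return {partition number: SHA-256 hex digest} from raw byte ranges."""
    digests = {}
    for num, first, last in gpt_partitions(dev):
        h, left = hashlib.sha256(), (last - first + 1) * SECTOR
        dev.seek(first * SECTOR)
        while left:
            chunk = dev.read(min(1 << 20, left))
            if not chunk:
                raise OSError(f"short read in partition {num}")
            h.update(chunk)
            left -= len(chunk)
        digests[num] = h.hexdigest()
    return digests

def changed(reference, suspect):
    """Partition numbers whose digest differs or that exist on one side only."""
    return sorted(n for n in reference.keys() | suspect.keys()
                  if reference.get(n) != suspect.get(n))

def constructed_image():
    """Constructed 16-sector image with two partitions (LBA 4-7 and 8-11)."""
    img = bytearray(16 * SECTOR)
    img[SECTOR:SECTOR + 8] = b"EFI PART"
    struct.pack_into("<Q", img, SECTOR + 72, 2)         # entry array at LBA 2
    struct.pack_into("<II", img, SECTOR + 80, 4, 128)   # 4 slots of 128 bytes
    for slot, (first, last) in enumerate([(4, 7), (8, 11)]):
        off = 2 * SECTOR + slot * 128
        img[off:off + 16] = b"\x01" * 16                # any non-zero type GUID
        struct.pack_into("<QQ", img, off + 32, first, last)
    return img
```

On a real stick the argument would be the unmounted block device opened read-only, such as `open("/dev/sdX", "rb")` with `/dev/sdX` as a placeholder. Sectors outside every partition (protective MBR, GPT structures, gaps) are not covered by these digests and need their own hash.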