Anyone know of an existing automated way of processing untrusted USB to extract the known and expected encrypted volumes?
_____
* Core issue I have never been able to work out is how to know, given the potential for a firmware hack, how to make sure only the known trusted data makes it out of the isolated processing system to the trusted system; open to looking at anything though, as long as it’s open source; it doesn’t have to solve that specific issue.
And interesting, always knew high voltage was a threat, but never thought of a capacitor being used, since it wouldn’t require an independent power source.
For clarification, all USB ports are 5 volts DC; a transformer (or computer) will take care of converting the 120/220 AC current to the necessary 5 volts DC.
Commonly two types of isolation: data and power chipsets. For a dead drop, you would want a cheap voltage isolator set to trip/blow a fuse at 5 volts DC — with no data isolator.
Data chipset blocks all data flow - whole point of connecting to the dead drop is to get data; and yes, I agree all lines when capping voltage should be checked, though would not be surprised it’s not common for off-the-shelf USB power isolators to only check the power lines as defined by USB standards.
A USB data-line isolator does not block data flow. Its entire purpose is to allow data to be communicated across a galvanically-isolated gap. It uses magnetic (transformer) or optical isolators to do that.
It blocks POWER flow, while passing data. Look up the ADUM3160 datasheet.