Document better that users should not plug their Tails USB stick in other operating systems
Originally created by @intrigeri on #11102 (Redmine)
As stated on https://lists.autistici.org/message/20150713.082436.6360f534.en.html, about Hacking Team bits about Tails:
o Infecting USB device which appears to be a bootable disk (Antonio Giovanni)
  § It will drop (release) the scout, then it will run a wipe.
Seems to be the same, but from a running and already infected non-Tails OS, when a Tails USB stick is plugged into it. That’s more concerning. We should check if we’re communicating clearly enough that:
- the OS used to install or upgrade a Tails device can corrupt it
- plugging one’s Tails device into an untrusted OS is dangerous
I constantly run into Tails USB sticks that have “hidden” files that indicate they have been plugged into Windows or OSX machines. Maybe I mostly run into users who don’t care about security (I doubt it), maybe we don’t do a good job at the 2nd point.
The 1st point became slightly more important now that we distribute Tails Installer outside of Tails: the Tails filesystem is mounted for several minutes during the installation process, which gives the attacker more time (and a nicer environment) to corrupt stuff than when doing a mere block copy (dd).
Setting priority >> normal, since it’s not a theoretical threat: the Hacking Team documents drop tells us that actual attackers are on it.
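A check for the “hidden” files mentioned above, as an added example that is not part of the original issue or of Tails: it walks a mounted partition and reports metadata that Windows and macOS commonly create on removable volumes. The artifact list is a non-exhaustive assumption and the sample tree is constructed; a hit only shows the filesystem was mounted read-write by that OS, and an empty result does not show the stick is untampered.

```python
import fnmatch
import os
import sys
import tempfile

# Well-known metadata names Windows and macOS leave on removable volumes
# they mount read-write (non-exhaustive list, chosen for this example).
OS_ARTIFACTS = {
    "Windows": ["System Volume Information", "$RECYCLE.BIN", "Thumbs.db", "desktop.ini"],
    "macOS": [".Spotlight-V100", ".fseventsd", ".Trashes", ".TemporaryItems",
              ".DS_Store", "._*"],  # "._*" = AppleDouble resource-fork files
}

def classify(name):
    """Return the OS whose artifact pattern matches this file name, or None."""
    for os_name, patterns in OS_ARTIFACTS.items():
        if any(fnmatch.fnmatchcase(name.lower(), p.lower()) for p in patterns):
            return os_name
    return None

def scan_mount(root):
    """Return sorted (os_name, relative_path) pairs for artifacts under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            os_name = classify(name)
            if os_name:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings.append((os_name, rel))
        # Report a matching directory once; do not descend into it.
        dirnames[:] = [d for d in dirnames if classify(d) is None]
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree standing in for a mounted partition."""
    for d in ["EFI/BOOT", "live", "System Volume Information", ".fseventsd"]:
        os.makedirs(os.path.join(root, d))
    for f in ["live/filesystem.squashfs", "EFI/BOOT/._BOOTX64.EFI", ".DS_Store",
              "System Volume Information/IndexerVolumeGuid"]:
        open(os.path.join(root, f), "w").close()

if __name__ == "__main__":
    if len(sys.argv) > 1:          # scan a mount point given on the command line
        results = scan_mount(sys.argv[1])
    else:                          # otherwise demonstrate on the constructed tree
        with tempfile.TemporaryDirectory() as tmp:
            build_sample(tmp)
            results = scan_mount(tmp)
    for os_name, rel in results:
        print(f"{os_name}: {rel}")
```

Run it from a trusted system against a partition mounted read-only, so the check itself does not write to the stick.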