Bug #11102

Document how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick

Added by intrigeri over 3 years ago. Updated about 1 year ago.

Status: Confirmed
Priority: Low
Assignee: -
Category: -
Target version: -
Start date: 02/10/2016
Due date:
% Done: 0%
Feature Branch:
Type of work: End-user documentation
Blueprint:
Starter:
Affected tool:

Description

As stated on https://mailman.boum.org/pipermail/tails-dev/2015-July/009234.html, about Hacking Team bits about Tails:

o Infecting USB device which appears to be a bootable disk (Antonio + Giovanni)
    § It will drop (release) the scout, then it will run a wipe.

Seems to be the same, but from a running and already infected non-Tails OS, when a Tails USB stick is plugged into it. That's more concerning. We should check if we're communicating clearly enough that:

  • the OS used to install or upgrade a Tails device can corrupt it
  • plugging one's Tails device in an untrusted OS is dangerous

I constantly run into Tails USB sticks that have "hidden" files that indicate they have been plugged into Windows or OSX machines. Maybe I mostly run into users who don't care about security (I doubt it), maybe we don't do a good job at the 2nd point.

The 1st point became slightly more important now that we distribute Tails Installer outside of Tails: the Tails filesystem is mounted for several minutes during the installation process, which gives the attacker more time (and a nicer environment) to corrupt stuff than when doing a mere block copy (dd).

Setting priority >> normal, since it's not a theoretical threat: the Hacking Team documents drop tells us that actual attackers are on it.
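
The "hidden" files mentioned above can be checked for on a mounted partition. The following is an added example, not code from the ticket or from the Tails project: the artifact names are this example's assumption (names that Windows and macOS are known to create on removable volumes), and the sample tree is constructed.

```python
import os
import tempfile

# Names other operating systems create on removable volumes they mount.
# This list is an assumption of the example, not taken from the ticket.
FOREIGN_OS_ARTIFACTS = {
    "system volume information": "Windows",
    "$recycle.bin": "Windows",
    "thumbs.db": "Windows",
    "desktop.ini": "Windows",
    ".ds_store": "macOS",
    ".spotlight-v100": "macOS",
    ".fseventsd": "macOS",
    ".trashes": "macOS",
    ".temporaryitems": "macOS",
}

def classify(name):
    """Return the OS suggested by a file or directory name, or None."""
    hit = FOREIGN_OS_ARTIFACTS.get(name.lower())  # FAT names are case-insensitive
    if hit:
        return hit
    if name.startswith("._"):  # AppleDouble sidecar files written by macOS
        return "macOS"
    return None

def scan_volume(mount_point):
    """Walk a mounted filesystem and return sorted (relative path, OS) pairs."""
    findings = []
    for root, dirs, files in os.walk(mount_point):
        for name in dirs + files:
            os_name = classify(name)
            if os_name:
                rel = os.path.relpath(os.path.join(root, name), mount_point)
                findings.append((rel, os_name))
    return sorted(findings)

def build_sample_volume():
    """Constructed sample tree standing in for a mounted partition."""
    base = tempfile.mkdtemp(prefix="sample-volume-")
    for d in ("EFI/BOOT", "live", "System Volume Information", ".Spotlight-V100"):
        os.makedirs(os.path.join(base, d))
    for f in ("live/vmlinuz", ".DS_Store", "live/._vmlinuz"):
        open(os.path.join(base, f), "w").close()
    return base

if __name__ == "__main__":
    for path, os_name in scan_volume(build_sample_volume()):
        print(f"{os_name:8} {path}")
```

A finding only shows that another OS mounted the filesystem, not that anything was modified, and an empty result does not show the device was never plugged in elsewhere.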


Related issues

Related to Tails - Bug #7076: Warn against plugging a Tails device in untrusted systems Resolved 04/12/2014
Related to Tails - Feature #8845: Give some love to our warning page Confirmed 02/03/2015
Related to Tails - Feature #10884: Write minor scenario for upgrading from another operating system Rejected 01/08/2016
Related to Tails - Bug #11137: Try to detect/warn in greeter if user has plugged tails device into untrusted system In Progress 02/18/2016

History

#1 Updated by segfault over 3 years ago

  • Related to Bug #7076: Warn against plugging a Tails device in untrusted systems added

#2 Updated by sajolida over 3 years ago

  • Related to Feature #8845: Give some love to our warning page added

#3 Updated by sajolida over 3 years ago

  • Related to Feature #10884: Write minor scenario for upgrading from another operating system added

#4 Updated by sajolida over 3 years ago

Regarding "plugging one's Tails device in an untrusted OS is dangerous" I think that the only thing we have is /doc/first_steps/persistence/warnings#index6h1. Maybe this could be a candidate for #8845.

Regarding "the OS used to install or upgrade a Tails device can corrupt it", I think that on top of documenting this as a possibility, I'm more interested in moving towards #7499 and make it so Tails only gets upgraded from Tails (and possibly discouraging or preventing upgrading from outside of it). At least that's the security process that we had in mind when designing /upgrade and thus doubting about documenting anything else (for example #10884).

#5 Updated by intrigeri over 3 years ago

  • Subject changed from Docment how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick to Document how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick

#6 Updated by intrigeri over 3 years ago

Regarding "the OS used to install or upgrade a Tails device can corrupt it", I think that on top of documenting this as a possibility, I'm more interested in moving towards #7499

Cool! Let's keep in mind that #7499 (and its #5981 predecessor) have been around for years, with nobody putting serious work into it (and while it's on our roadmap for this year, I see no complete team to work on it), so I would not count on it to address a security threat that actual adversaries are apparently exploiting already. So I'm glad that you mention "on top of documenting this" :)

#7 Updated by hybridwipe over 3 years ago

  • Related to Bug #11137: Try to detect/warn in greeter if user has plugged tails device into untrusted system added

#8 Updated by emmapeel over 3 years ago

  • Assignee set to emmapeel

#9 Updated by sajolida over 3 years ago

I recommend you share with us your intentions on how to solve this before jumping to writing things. What would you change? Where? Which information would you give?

#10 Updated by u over 1 year ago

  • QA Check set to Info Needed

@emmapeel: do you still intend working on this?

#11 Updated by emmapeel over 1 year ago

  • Assignee deleted (emmapeel)

Hmm I am not going to do this.

#12 Updated by sajolida over 1 year ago

  • Assignee set to sajolida
  • Target version set to Tails_3.7

#13 Updated by sajolida about 1 year ago

  • Assignee deleted (sajolida)
  • Priority changed from Normal to Low
  • Target version deleted (Tails_3.7)
  • QA Check deleted (Info Needed)
