jtmulc
Posted May 19, 2017

DISCLAIMER: This post is for hypothetical discussion only.

With police and border control having increasingly broad powers to search people's electronic devices, how long before we see malware developed as a security service? Given that it is already possible to create infected USB drives that execute code as soon as they are plugged in to a PC, how difficult would it be to design something that infects any device trying to read a phone or tablet?

Kalju
Posted May 19, 2017

There is nothing hypothetical; all these things are already in place and are used in many countries at the national level. The same is true of these massive cyber attacks. These are all work ordered at the national level. And you all know which countries are doing it and which countries produce the appropriate software so that it can be done. It's not a secret.

pc71520
Posted May 19, 2017

1 hour ago, jtmulc said:
> How long before we see malware developed as a security service?

Already developed by Security & Intelligence services...

straycat19
Posted May 21, 2017

On 5/19/2017 at 3:33 AM, jtmulc said:
> how difficult would it be to design something that infects any device trying to read a phone or tablet?

Do you think any security service is going to plug a device into an unknown phone or tablet and allow anything to write to their device? Those devices are read only, not forensic tools, and as such have a write block built into them. They cause the device to show suspect data on the screen, then the device can be confiscated based upon what the examiner sees. Then a full forensic copy can be made of the device, again using a write blocker so the forensic utility is just reading the data and writing it to a storage medium. It will not allow any program on the device to run.

How do I know this? In the past I have set up these devices for law enforcement agencies and have much experience in computer forensics. I carry a hardware USB write blocker with me everywhere I go. I never plug any unknown USB device into anything of mine without using the write blocker between it and my device.

jtmulc (Author)
Posted May 24, 2017

On 5/21/2017 at 1:46 AM, straycat19 said:
> Do you think any security service is going to plug a device into an unknown phone or tablet and allow anything to write to their device?

I don't travel much and my only interaction with security services has been limited to getting pulled over for speeding, so I had no idea what they use. Given the level of IT security in other parts of the government, I wouldn't have been surprised if you had told me they used unsecured laptops from Target.

On 5/21/2017 at 1:46 AM, straycat19 said:
> Those devices are read only, not forensic tools, and as such have a write block built into them. They cause the device to show suspect data on the screen, then the device can be confiscated based upon what the examiner sees. Then a full forensic copy can be made of the device, again using a write blocker so the forensic utility is just reading the data and writing it to a storage medium. It will not allow any program on the device to run. How do I know this? In the past I have set up these devices for law enforcement agencies and have much experience in computer forensics. I carry a hardware USB write blocker with me everywhere I go. I never plug any unknown USB device into anything of mine without using the write blocker between it and my device.

That is really neat and informative. Thank you.

This topic is now archived and is closed to further replies.