Bug #11102

Document how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick

Added by intrigeri 2016-02-10 23:15:15 . Updated 2018-05-07 10:16:11 .

Status:
Confirmed
Priority:
Low
Assignee:
Category:
Target version:
Start date:
2016-02-10
Due date:
% Done:

0%

Feature Branch:
Type of work:
End-user documentation
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

As stated on https://mailman.boum.org/pipermail/tails-dev/2015-July/009234.html, about Hacking Team bits about Tails:

> o Infecting USB device which appears to be a bootable disk (Antonio +
> Giovanni)§ It will drop (release) the scout, then it will run
> a wipe.

Seems to be the same, but from a running and already infected non-Tails OS, when a Tails USB stick is plugged in it. That’s more concerning. We should check if we’re communicating clearly enough that:

  • the OS used to install or upgrade a Tails device can corrupt it
  • plugging one’s Tails device in an untrusted OS is dangerous

I constantly run into Tails USB sticks that have “hidden” files that indicate they have been plugged into Windows or OSX machines. Maybe I mostly run into users who don’t care about security (I doubt it), maybe we don’t do a good job at the 2nd point.

The 1st point became slightly more important now that we distribute Tails Installer outside of Tails: the Tails filesystem is mounted for several minutes during the installation process, which gives the attacker more time (and a nicer environment) to corrupt stuff than when doing a mere block copy (dd).

Setting priority >> normal, since it’s not a theoretical threat: the Hacking Team documents drop tells us that actual attackers are on it.


Subtasks


Related issues

Related to Tails - Bug #7076: Warn against plugging a Tails device in untrusted systems Resolved 2014-04-12
Related to Tails - Feature #8845: Give some love to our warning page Confirmed 2015-02-03
Related to Tails - Feature #10884: Write minor scenario for upgrading from another operating system Rejected 2016-01-08
Related to Tails - Bug #11137: Try to detect/warn in greeter if user has plugged tails device into untrusted system In Progress 2016-02-18

History

#1 Updated by segfault 2016-02-11 21:15:10

  • related to Bug #7076: Warn against plugging a Tails device in untrusted systems added

#2 Updated by sajolida 2016-02-12 18:20:55

  • related to Feature #8845: Give some love to our warning page added

#3 Updated by sajolida 2016-02-12 18:26:24

  • related to Feature #10884: Write minor scenario for upgrading from another operating system added

#4 Updated by sajolida 2016-02-12 18:26:28

Regarding “plugging one’s Tails device in an untrusted OS is dangerous” I think that the only thing we have is /doc/first_steps/persistence/warnings#index6h1. Maybe this could be a candidate for Feature #8845.

Regarding “the OS used to install or upgrade a Tails device can corrupt it”, I think that on top of documenting this as a possibility, I’m more interested in moving towards Feature #7499 and make it so Tails only gets upgraded from Tails (and possibly discourgaging or preventing upgrading from outside of it). At least that’s the security process what we had in mind when designing /upgrade and thus doubting about documenting anything else (for example Feature #10884).

#5 Updated by intrigeri 2016-02-13 01:05:47

  • Subject changed from Docment how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick to Document how much one effectively trusts non-Tails OS into which one plugs a Tails USB stick

#6 Updated by intrigeri 2016-02-13 01:09:59

> Regarding “the OS used to install or upgrade a Tails device can corrupt it”, I think that on top of documenting this as a possibility, I’m more interested in moving towards Feature #7499

Cool! Let’s keep in mind that Feature #7499 (and its Feature #5981 predecessor) have been around for years, with nobody putting serious work into it (and while it’s on our roadmap for this year, I see no complete team to work on it), so I would not count on it to address a security threat that actual adversaries are apparently exploiting already. So I’m glad that you mention “on top of documenting this” :)

#7 Updated by hybridwipe 2016-02-18 18:06:35

  • related to Bug #11137: Try to detect/warn in greeter if user has plugged tails device into untrusted system added

#8 Updated by emmapeel 2016-02-28 09:55:38

  • Assignee set to emmapeel

#9 Updated by sajolida 2016-03-07 12:06:19

I recommend you share with us your intentions on how to solve this before jumping to writing things. What would you change? Where? Which information would you give?

#10 Updated by Anonymous 2018-01-17 15:32:01

  • QA Check set to Info Needed

@emmapeel: do you still intend working on this?

#11 Updated by emmapeel 2018-02-28 16:13:43

  • Assignee deleted (emmapeel)

Hmm I am not going to do this.

#12 Updated by sajolida 2018-03-01 11:07:48

  • Assignee set to sajolida
  • Target version set to Tails_3.7

#13 Updated by sajolida 2018-05-07 10:16:11

  • Assignee deleted (sajolida)
  • Priority changed from Normal to Low
  • Target version deleted (Tails_3.7)
  • QA Check deleted (Info Needed)