Yet another reason
...to never plug in an unknown USB.
20 years on yet many people seem to have not learned this.
Police in Ecuador are investigating attacks on media organizations across the country after a journalist was injured by an exploding USB flash drive. In a press conference on Monday, Xavier Chango Llerena, chief of criminal investigations for the National Police of Ecuador, said authorities had found envelopes containing …
"It really is an evil idea."
On the other hand, people have clearly STILL not learned to plug in unsolicited devices. Maybe if enough people learn that plugging it in might cause an explosion, they might think twice at plugging in the random USB pendrive "helpfully dropped" in the car park by your local friendly h4xx0rs.
I'd not wish anyone to come to harm, but this is exactly the sort of "security scare" many users need to be made aware of. Of course, even then, the "it won't happen to me", or "it only happens in far off countries" mentality soon kicks in.
"blast shield needs to be added to the equipment list."
Inside a fume cabinet.
I think it could be quite possible to pack an indecent quantity of a truly lethal gas inside a usb stick.
I was under the impression from last century's terrorism that C4/Semtex was pretty much undetectable or at least unsniffable.
and as, of course, journalists are going to get unknown USB sticks from sources unknown and need to access the contents, I'd've hoped that news outlets would provide the necessary basics and training to do so[2].
Sending exploding devices can only be condemned, of course, but hopefully the journalists won't be cowed by such tactics and will just respond by taking obvious extra precautions - a long extension lead and sand bucket for a start.
[1] as you all well know: use a cheap copier machine, preferably one without a complex OS, always have autorun disabled all the time, virus scan after copying to trusted medium but before opening, disable macros in Excel etc; hardly earth-shaking stuff.
[2] ever the optimist, but come on, this should be mandatory basic stuff, like fire drills: it's negligent not to provide it.
Or:
* create freshly imaged Linux server (or a fresh Linux VM with USB passthrough, if physical proximity isn't an issue)
* mount USB filesystem read-only inside Linux server
* fetch files using sftp/scp (or Samba if you value convenience more than security - but there are perfectly fine Windows sftp/scp clients)
For physical safety, I guess a USB extender with relays to allow remote activation.
"For physical safety, I guess a USB extender with relays to allow remote activation."
Relays? Just don't plug the extender in until after the device is plugged in and placed behind the blast shield. Then plug the extender cable into a power source, or if feeling brave, a computer.
It's only slightly more complex to trigger when the device enumerates as a keyboard or other off-the-shelf USB device chipset.
Better to do a proper sniffer test for explosives (and other dangerous things) in the mailroom.
It's not the first time someone has tried to murder a journalist using explosives, and sadly it probably won't be the last.
At one office, we had to connect a computer to a printer (probably USB2), but on opposite sides of a walkway between cubes. H&S rules said no cables on the floor, so we got a long USB extension and ran it up from the computer (on a desk), across the aisle above the ceiling tiles, and then back down again. Well over 3 metres; I think it was a 15 foot cable. Worked fine.
South America ... got to love the place. It's actually a worse hellhole than South Africa.
==== Here you get shot in the head =====================>
You are FAR more likely to be shot in many South American countries than you are in South Africa. South Africa only comes in at number 34 on the list of gun death by country with a gun death rate of 5.98 / 100k population.
Of the countries above it, all except 5 are in the Americas. Top 3 are Venezuela (36.75/100k), El Salvador (36.34/100k), Guatemala (33.06/100k). US is 22nd (10.89/100k).
The 5 countries above SA that are not in the Americas are Iraq (24th 9.72/100k), Eritrea (25th 9.44/100k), Philippines (28th 7.9/100k), Lesotho (29th 7.81/100k), Somalia (30th 7.24/100k).
https://worldpopulationreview.com/country-rankings/gun-deaths-by-country
Flamethrower now an option on S. African cars
Casting a man-high fireball, reportedly with no damage to the paint, the Blaster has been placed on 25 South African vehicles since its introduction
More adult question: How do you want your cajones cooked, rare or crispy?
In the US of A (and probably a lot of EU countries) this isn't likely to work. As all mail (unless it is kind of hand delivered by courier) and AFAIK also small packages via UPS, FedEx, DHL are being send through a scanner at the sorting facilities these days that will detect explosives (specially RDX, C4, Semtex), as well as things like Anthrax, so it wouldn't actually reach the intended target in the first place.
Yeah, a vacuum-sealed container filled with boron sand lined with lead and kevlar and with an USB extension cord is a good idea.
Altough a usb stick can carry its own battery and detect the leads being connected to trigger a detonation, even without a USB 5v power, or detection current.
I would suggest some form of rail guide and a relay to push the drive into said USB extension cord port, then powering it up.
*Chemical, biological, radiological or nuclear (CBRN) weapons