I am trying to understand what generic risks there are in using my thumb drive to transfer files to some untrusted machine and then plugging it back into my Windows device. Specifically, I am interested in generic threats when the external machine I plug my USB drive into is compromised (like a public image printing shop).
As far as I understand, the 2 main risks are:
A) Malicious files are copied to my pen drive from a compromised system and then
- I open them manually on a personal computer.
- Viruses are run automatically on USB drive plug-in (obsolete unless autorun is enabled manually on the target machine).
- Malware is executed without user interaction and with autorun disabled. An example would be something like a buffer overflow in the Windows image thumbnail generator (CVE-2010-3970). As far as I understand, no user interaction will be needed and the machine can be infected on its own (besides inserting the USB drive and browsing the folder, of course).
B) Automated BadUSB firmware reprogramming, with all the further consequences that BadUSB delivers. But generally this kind of attack is not present in the form of a generic attack, as it would require supporting huge numbers of different peripheral manufacturers with different devices.
So my questions are:
Are there any other generic (non-targeted) threats that are similarly widespread in the wild?
With respect to risk 3, how common are such almost-no-user-interaction vulnerabilities in the wild?
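
For risk A, one defensive check is to record what is on the drive before it goes into the untrusted machine and compare afterwards. The following is an added example, not part of the original post; the function names and the extension watch list are assumptions made for illustration.

```python
import hashlib
import os

# Assumed watch list of file types Windows may execute or parse (not exhaustive).
RISKY_EXT = {".exe", ".scr", ".lnk", ".inf", ".bat", ".cmd", ".js", ".vbs", ".dll"}


def snapshot(root):
    """Map each file path (relative to root) to its SHA-256 digest."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def diff(before, after):
    """Report files added, removed or modified between two snapshots."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(p for p in before if p in after and before[p] != after[p])
    # New or changed files with a watched extension deserve a closer look.
    risky = sorted(p for p in added + modified
                   if os.path.splitext(p)[1].lower() in RISKY_EXT)
    return {"added": added, "removed": removed,
            "modified": modified, "risky": risky}


if __name__ == "__main__":
    import json
    import sys
    # usage: <script> save <drive> <manifest.json>   (before the trip)
    #        <script> check <drive> <manifest.json>  (after the trip)
    mode, drive, manifest_file = sys.argv[1:4]
    if mode == "save":
        with open(manifest_file, "w") as out:
            json.dump(snapshot(drive), out)
    else:
        with open(manifest_file) as src:
            print(json.dumps(diff(json.load(src), snapshot(drive)), indent=2))
```

This covers only file-level changes (risk A); reprogrammed controller firmware (risk B) does not show up in a file diff.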