External Disk Security Risks in Ubuntu

TL;DR

Yes, even a seemingly ‘pure’ external disk can pose a threat to your Ubuntu computer. While less common than threats from the internet or software, malware can be pre-installed on disks, or vulnerabilities exploited through auto-mounting and file systems. This guide explains how to minimise those risks.

Understanding the Risks

Here’s why an external disk isn’t automatically safe:

• Pre-Installed Malware: Disks sold second-hand or from untrusted sources could have malware already on them.
• Auto-Mounting Vulnerabilities: Ubuntu automatically mounts disks, which can trigger malicious scripts if they’re present.
• File System Exploits: Certain file systems (like NTFS) have known vulnerabilities that malware can exploit when accessed.
• BadUSB Attacks: Some USB drives can be reprogrammed to act like a keyboard and inject commands into your system. This is rare but serious.

How to Protect Your Ubuntu Computer

1. Scan Before Use: Always scan any external disk with an antivirus program before opening it or accessing its contents. ClamAV is a good free option.

   sudo apt update

   sudo apt install clamav clamtk

   Then use clamtk (the graphical interface) to scan the disk, or run from the command line:

   clamscan /media/your_username/disk_label -r

   (Replace /media/your_username/disk_label with the actual mount point of your disk.)

2. Disable Auto-Mounting (Recommended): Prevent disks from automatically running scripts.
   1. Edit the /etc/fstab file as root. Be very careful when editing this file! Incorrect changes can prevent your system from booting.

      sudo nano /etc/fstab

   2. Find the line for your external disk (it will likely have a UUID). Add noauto,user,nofail to the options. For example:

      UUID=your_disk_uuid /media/your_username/disk_label ext4 defaults,noauto,user,nofail 0 2

   3. Save and close the file. Now you’ll have to manually mount the disk.
3. Mount Disks Manually: If you disabled auto-mounting, mount disks explicitly.

   sudo mkdir /mnt/mydisk

   sudo mount /dev/sdb1 /mnt/mydisk

   (Replace /dev/sdb1 with the correct device name for your disk – use lsblk to find it.)

4. Use a Read-Only Mount: Prevent any changes from being written to the disk.

   sudo mount -o ro /dev/sdb1 /mnt/mydisk

   This is useful for disks you only need to read data from.

5. File System Considerations: Use a secure file system like ext4 if possible. Avoid NTFS unless absolutely necessary, and be aware of its potential vulnerabilities.
   • If using NTFS, ensure ntfs-3g is installed:

     sudo apt install ntfs-3g

6. Keep Your System Updated: Regularly update your Ubuntu system to patch security vulnerabilities.

   sudo apt update && sudo apt upgrade

7. Be Careful with Unknown Disks: Avoid using disks from untrusted sources. If you must use one, treat it as potentially compromised and follow all the above steps carefully.
8. Check Disk Health (Optional): Use a tool like smartmontools to check for physical errors on the disk.

   sudo apt install smartmontools

   sudo smartctl -a /dev/sdb

cyber security Best Practices

Remember that external disks are just one potential attack vector. Maintain good cyber security habits overall, including strong passwords, regular backups, and cautious browsing.