TL;DR
Yes, even a seemingly ‘pure’ external disk can pose a threat to your Ubuntu computer. While less common than threats from the internet or software, malware can be pre-installed on disks, or vulnerabilities exploited through auto-mounting and file systems. This guide explains how to minimise those risks.
Understanding the Risks
Here’s why an external disk isn’t automatically safe:
- Pre-Installed Malware: Disks sold second-hand or from untrusted sources could have malware already on them.
- Auto-Mounting Vulnerabilities: Ubuntu automatically mounts disks, which can trigger malicious scripts if they’re present.
- File System Exploits: Certain file systems (like NTFS) have known vulnerabilities that malware can exploit when accessed.
- BadUSB Attacks: Some USB drives can be reprogrammed to act like a keyboard and inject commands into your system. This is rare but serious.
How to Protect Your Ubuntu Computer
- Scan Before Use: Always scan any external disk with an antivirus program before opening it or accessing its contents. ClamAV is a good free option.
sudo apt updatesudo apt install clamav clamtkThen use clamtk (the graphical interface) to scan the disk, or run from the command line:
clamscan /media/your_username/disk_label -r(Replace /media/your_username/disk_label with the actual mount point of your disk.)
- Disable Auto-Mounting (Recommended): Prevent disks from automatically running scripts.
- Edit the /etc/fstab file as root. Be very careful when editing this file! Incorrect changes can prevent your system from booting.
sudo nano /etc/fstab - Find the line for your external disk (it will likely have a UUID). Add noauto,user,nofail to the options. For example:
UUID=your_disk_uuid /media/your_username/disk_label ext4 defaults,noauto,user,nofail 0 2 - Save and close the file. Now you’ll have to manually mount the disk.
- Edit the /etc/fstab file as root. Be very careful when editing this file! Incorrect changes can prevent your system from booting.
- Mount Disks Manually: If you disabled auto-mounting, mount disks explicitly.
sudo mkdir /mnt/mydisksudo mount /dev/sdb1 /mnt/mydisk(Replace /dev/sdb1 with the correct device name for your disk – use lsblk to find it.)
- Use a Read-Only Mount: Prevent any changes from being written to the disk.
sudo mount -o ro /dev/sdb1 /mnt/mydiskThis is useful for disks you only need to read data from.
- File System Considerations: Use a secure file system like ext4 if possible. Avoid NTFS unless absolutely necessary, and be aware of its potential vulnerabilities.
- If using NTFS, ensure ntfs-3g is installed:
sudo apt install ntfs-3g
- If using NTFS, ensure ntfs-3g is installed:
- Keep Your System Updated: Regularly update your Ubuntu system to patch security vulnerabilities.
sudo apt update && sudo apt upgrade - Be Careful with Unknown Disks: Avoid using disks from untrusted sources. If you must use one, treat it as potentially compromised and follow all the above steps carefully.
- Check Disk Health (Optional): Use a tool like smartmontools to check for physical errors on the disk.
sudo apt install smartmontoolssudo smartctl -a /dev/sdb
cyber security Best Practices
Remember that external disks are just one potential attack vector. Maintain good cyber security habits overall, including strong passwords, regular backups, and cautious browsing.