USB Flash Drive Security Implications

distro

Hello,

I'm considering using a USB flash drive to move files between computers on a regular basis, using my GOS phone as the middle-man.

One computer is less trusted. Are there security implications for GOS?

Much appreciated.

ryrona

distro I would say using a USB flash drive is both more and less secure, depending on your threat model.

It is more secure if you distrust the computer, because you are in control of which files the computer can see, it can only see those you specifically transferred from your phone to your USB device. This is not the case if you plug your phone into your computer directly, where your computer would get full read/write access to all files in the current user profile.

But it is also less secure in the sense that your files will be stored unencrypted on your USB device. Even if you delete the files from the USB device again, someone who gets access to your USB device may be able to recover the files. USB devices are totally unsuitable for transferring files to and from an encrypted computer if you expect to preserve privacy, unless you use an app that creates an encrypted container.

The risk your phone would get infected or hacked by the computer is about the same with either method I would say, not very likely at all.

Hope this brought some clarity.

Rizzler

distro If you encrypt the USB stick with a strong passphrase then its not dangerous. Even if the PC is infected it probably wont transfer to Android. Use DroidFS to set up the encrypted file system on android.

ryrona

Ah, I see now I maybe misunderstood your question a little. In my answer I just compared the option of using USB thumb drive instead of USB cable directly between phone and computer.

But you want to transfer files to phone, and then to another computer? Maybe you need to describe your threat model better. What options are you considering and what is you worried about?