Why people are saying that the files being deleted indicate a backdoor? This is clearly to be executed while having access to the laptop. So it’s not like I’m tricking someone into connecting the USB drive and after the PC is infected I want to get rid of the evidence. If some FBI agent is using a USB drive to unlock a laptop at work, what’s the point of making the drive single use?
This could also be part of the PoC created by the researcher, not part of the backdoor.
They said in the article they recreated it on their own. So it couldn’t just be the proof of concept.
This could mean they just put the files from the exploit on a drive and reproduced it. The author of the exploit claims it’s very complex and no one knows how it works yet.
Under cover/covert operations do actually happen.
So what’s the scenario they are protecting themselves against? Someone catching the agent right after they unlocked some encrypted drive with the USB drive still on them? It sounds very far fetched to me that FBI would request a backdroor from Microsoft with this very specific requirement. I think it’s more likely they would cover it on their side with some easily erasable USB drive. Plus such a solution would also let them get rid of the backdoor if they are caught before they used it.
It’s possible this was just added by the guy for his proof of concept, so I guess we’ll see when more information is released.
So what’s the scenario they are protecting themselves against?
I mean, if you had a USB backdoor why wouldn’t you automate the removal of evidence? It would make disposal a lot faster. You can just unplug it and physically destroy it to be safe.
I think it’s more likely they would cover it on their side with some easily erasable USB drive.
It’s definitely possible to add a feature like that to a backdoor but I don’t see how that’s a proof it’s a backdoor. It’s definitely not something backdoors always do and we don’t know if this functionality is in Windows or it’s part of the exploit. So am I missing something? Or are people just jumping to conclusions?
Why people are saying that the files being deleted indicate a backdoor? This is clearly to be executed while having access to the laptop. So it’s not like I’m tricking someone into connecting the USB drive and after the PC is infected I want to get rid of the evidence. If some FBI agent is using a USB drive to unlock a laptop at work, what’s the point of making the drive single use?
This could also be part of the PoC created by the researcher, not part of the backdoor.
They said in the article they recreated it on their own. So it couldn’t just be the proof of concept.
Under cover/covert operations do actually happen.
This could mean they just put the files from the exploit on a drive and reproduced it. The author of the exploit claims it’s very complex and no one knows how it works yet.
So what’s the scenario they are protecting themselves against? Someone catching the agent right after they unlocked some encrypted drive with the USB drive still on them? It sounds very far fetched to me that FBI would request a backdroor from Microsoft with this very specific requirement. I think it’s more likely they would cover it on their side with some easily erasable USB drive. Plus such a solution would also let them get rid of the backdoor if they are caught before they used it.
It’s possible this was just added by the guy for his proof of concept, so I guess we’ll see when more information is released.
I mean, if you had a USB backdoor why wouldn’t you automate the removal of evidence? It would make disposal a lot faster. You can just unplug it and physically destroy it to be safe.
Why not both? Redundancy never hurt.
It’s definitely possible to add a feature like that to a backdoor but I don’t see how that’s a proof it’s a backdoor. It’s definitely not something backdoors always do and we don’t know if this functionality is in Windows or it’s part of the exploit. So am I missing something? Or are people just jumping to conclusions?