USB Autorun and Firmware Attacks
The most obvious and simple of attacks is also one of the longest-lived air-gap busters with the most dramatic example of real-world use. If an attacker can find even a momentary opportunity to get an infected USB device stuck into an air-gapped machine, they can do a lot of damage. Stuxnet offered up some of the earliest and most vivid examples of the dangers of USB autorun attacks. It's widely known now that US intelligence was able to use Stuxnet to compromise air-gapped Iranian nuclear reactors via USB. With the use of USB ports the opportunities are endless. One such developed by the NSA and leaked to the public in 2014 is COTTONMOUTH, a USB hardware hack that provides software persistence and over-the-air communication through RF link to bridge air gaps.
Since then, quieter uses of USB as a channel of attack have been refined. For example, four years ago, researchers Karsten Nohl and Jakob Lell demonstrated at Black Hat how to maliciously alter firmware on a compromised USB device to infect a computer with no hardware modification and little chance of forensic detection at the system level.
(Image by Oleksandr Delyk, via Adobe Stock)