Index: sources/device/DeviceController.cpp
===================================================================
diff -u -rc9f8f8cf3c6c37fc6460d8675c62c9442c4d4263 -r1f2e7dbd08b00f8c56eedf29f083733570aa642e
--- sources/device/DeviceController.cpp	(.../DeviceController.cpp)	(revision c9f8f8cf3c6c37fc6460d8675c62c9442c4d4263)
+++ sources/device/DeviceController.cpp	(.../DeviceController.cpp)	(revision 1f2e7dbd08b00f8c56eedf29f083733570aa642e)
@@ -400,7 +400,12 @@
     // has been tested manually
     bool ok;
     _usbDrive = vDevice.toLatin1().constData();
-    ok = ::mount(_usbDrive, USB_Mount_Point, USB_File_System, MS_SYNCHRONOUS | MS_NOEXEC, "") == 0;
+    ok = ::mount(_usbDrive, USB_Mount_Point, USB_File_System,
+                    MS_SYNCHRONOUS  |
+                    MS_NOEXEC       |   // Disallow program execution
+                    MS_NODEV        |
+                    MS_NOSUID       ,   // Setting this option on a file system prevents users from introducing privileged programs onto the system and allowing non-root users to execute them.
+                 "") == 0;
     if (ok) {
         _mounted = true;
         _removed = false;