Moved from https://forums.puri.sm/t/new-post-a-librem-5-video-made-on-a-librem-5 where the L5 convergence was discussed and how a USB port replicator / adapter / hub is needed and will allow all sorts of nice things. USB (un)security has been discussed before here and there and here and there… And in general, this gives a good overall picture of most USB related thereat vectors.
Is that (a convergence enabling hub: power + some usb-ports + rj-45 lan + hdmi etc.) a device that Purism should take a look at, as something we might need and want to uphold the security level L5 provides? As in, how much should we trust those - after all, they are full of chips, may have access to all of our wired web traffic (record or relay to a new destination?) and can pose as any USB device (keylogger)…? I don’t trust random usb dongels or cables, so why should I trust any hub? I mean, USB threats have been around for some time but an adapterhub with LAN-port might increase the risks, surely?
Would there be a market need for open and secure tech with trusted supply-chain? Maybe add a battery to it (“internal UPS”) and a heat dissipating cradle, and the desktop dream gets better.
But yeah, the fundamental question is, could the threats now move [figuratively] from secured device to a unsecure adapter that we have no way to interact with? Do you know a good hub from a reputable manufacturer that guarantees the security aspects - maybe even uses open hardware? And is affordable?
This is one of the issues where maybe important government and corporate entities have to worry about this, but who is going to bother for normal folks?
First of all, rewriting the firmware for these kinds of devices is hard because it is proprietary, so the most viable way to do this is to add some kind of spy device, and that probably means intercepting it in shipment or breaking into your house/business to insert it, because nobody is going to do this for every device in a factory, because it is too expensive, if just hoping that they will go to the right target.
The second issue is how will the information be transmitted, and the obvious way is through an Ethernet jack, but a lot of these hubs don’t even bother including Ethernet because WiFi is so common today. If not through Ethernet, then you have to be connected to some USB device that has internet access and be able to control it. At any rate, anyone watching the internet traffic will probably notice it which is why a cracker would limit the spy device to as few hubs as possible to avoid getting caught.
Maybe you can bribe a hub manufacturer to include spyware in the firmware, but if you avoid hubs with ethernet ports, there is probably isn’t enough space in the firmware to hold a full IP stack, and I don’t see an easy way to transmit it anyway.
There’s https://usbguard.github.io, but admittedly it needs a lot of love to become stable and user-friendly.
With such a mechanism in place, a lot of attacks can be mitigated.
In general, Linux used to trust devices. Perhaps it’s time for a change - and refuse devices by default, unless explicitly configured to do otherwise.
In the L5 case I can see the beginning of this approach - no closed source on the main CPU and memory, any firmware blobs run on devices themselves and are behind well defined interface, that provides them only those bits that we consider necessary.
Than again, since USB is a shared bus, a malicious device can go sniffing on the bus and get read-only access to the data. This is quite a different can of worms, and USB guard cannot protect against such a sniffer.
That may be for now, but I can easily imagine that in the future someone manufactures a whole lot of cheap ones to sell here and there - especially, if and when convergence catches on (or just to target high end / thin tablet and laptop users that need to do serious work from home). Maybe there would appear more room for (malicious) code via some new feature, like in-hub firewall or power meter or temperature sensor or other IoT thing - just to make it seem like a good idea and worth getting. So, getting ahead of this before it gets in the wild would be an unprecedented move in security, for sure. A bit of future proofing.
I’m definitely testing UsbGuard - thanks for the tip!