Moved from https://forums.puri.sm/t/new-post-a-librem-5-video-made-on-a-librem-5 where the L5 convergence was discussed and how a USB port replicator / adapter / hub is needed and will allow all sorts of nice things. USB (un)security has been discussed before here and there and here and there… And in general, this gives a good overall picture of most USB related thereat vectors.
Is that (a convergence enabling hub: power + some usb-ports + rj-45 lan + hdmi etc.) a device that Purism should take a look at, as something we might need and want to uphold the security level L5 provides? As in, how much should we trust those - after all, they are full of chips, may have access to all of our wired web traffic (record or relay to a new destination?) and can pose as any USB device (keylogger)…? I don’t trust random usb dongels or cables, so why should I trust any hub? I mean, USB threats have been around for some time but an adapterhub with LAN-port might increase the risks, surely?
Would there be a market need for open and secure tech with trusted supply-chain? Maybe add a battery to it (“internal UPS”) and a heat dissipating cradle, and the desktop dream gets better.
But yeah, the fundamental question is, could the threats now move [figuratively] from secured device to a unsecure adapter that we have no way to interact with? Do you know a good hub from a reputable manufacturer that guarantees the security aspects - maybe even uses open hardware? And is affordable?