Ask HN: How concerned should we be about USB security?

2 points| turkishdelight | 5 months ago

I had an ISP tech come by and set up service at my house, and I needed to access my router over Ethernet. My laptop doesn't have an Ethernet port, so I borrowed his Ethernet/USB dongle. I got everything set up and called it a day.

But I've started getting a little concerned about using this untrusted dongle on my laptop, especially from an internet service tech who may or may not be plugging his dongle into all manner of devices around town.

How concerned should I be about this? Should I trash my laptop and any accessories I've plugged into it since? This device is my central point of failure, I log into my banking accounts, admin accounts, it's my journaling medium -- you get the idea.

11 comments

pwg|5 months ago

Unless you are being targeted as a North Korean spy by the likes of the NSA, that dongle is likely nothing more than an ethernet to USB translator chip with nothing nefarious going on anywhere.

> Should I trash my laptop and any accessories I've plugged into it since?

Only likely to empty your bank-account of the funds necessary for new items.

turkishdelight|5 months ago

I guess I'm primarily concerned with compromised firmware, not a special-made device. I'm not sure how realistic of a concern that is. Not that I'm a very interesting target, but I'd rather not have all my devices infected with malicious firmware. I figure that something like that would likely have state-level backing, and something that sophisticated could very easily get baked into brand new hardware at the fab without anybody knowing.

JohnFen|5 months ago

It's good practice to avoid plugging anything you don't trust into a USB port (whether it's a memory stick or not -- even just a plain cable presents a potential risk). But in your case, I agree with slater. You're probably fine, but maybe do a scan of your machine and keep an eye on things for a while.

austin-cheney|5 months ago

Extremely concerned. The military has outlawed USB storage devices for over 20 years.

Personally I still use USB storage devices in limited contexts, like a source of music in my car or for installing a new OS.

bediger4000|5 months ago

The DoD is more interested in keeping data from leaking than keeping malware out. DoD has air gapped networks to prevent leaks mostly.

slater|5 months ago

I'd say keep an eye on your network traffic, but no need to trash your laptop just yet.