[turkishdelight]

I guess I'm primarily concerned with compromised firmware, not a special-made device. I'm not sure how realistic of a concern that is. Not that I'm a very interesting target, but I'd rather not have all my devices infected with malicious firmware. I figure that something like that would likely have state-level backing, and something that sophisticated could very easily get baked into brand new hardware at the fab without anybody knowing.

[Bender]

People can speculate all day but unless you are doing hardware level diagnostics there is no way to put your mind at ease. For charging devices one can either buy "USB condoms" or just make on by cutting every wire except those used for power. It also would not hurt to check if your BIOS has options related to disabling updates to the BIOS via USB/UEFI, just don't forget you did that if the option exists.

For your case of USB to Ethernet data is required so the only other way beyond hardware diagnostics and dumping firmware is to do extensive background checks on everyone working for your ISP, FTE's, contractors, executives and all the board members. Doing that without their knowledge is very expensive not to mention does not cover all the people in the shipping logistics path. Consumer hardware rarely has a full chain of custody with attestation.

There may be some fringe cases where a USB hub may help mitigate some threats such as over-voltage. Realistically at some point one has to either trust the device or avoid technology all together. There are communities of people that avoid technology so for what it's worth you would not be alone if pursuing that route.

If the concerns are related to organizations or governments snooping Microsoft Windows Recall, MacOS mediaanalysisd have negated the need for hardware snooping like the good ol' days of KeyGhost. One tiny update could in theory upload AI summaries. Incremental updates tend to stay out of the news.

[pwg]

An ethernet<->usb dongle that an ISP tech support guy is likely to have is more likely going to be a single purpose translator without upgradable firmware (because this makes it the cheapest possible, and these types of devices rapidly fall to the "cheapest possible" price point).

You also did not say what OS you are running on your laptop. If it is any later version of MS Windows, then you have infinitely more to worry about from Microsoft OS level spyware/malware/adware provided in a future Microsoft OS update than from a USB<->Ethernet dongle a random ISP tech. guy happened to have.

> that sophisticated could very easily get baked into brand new hardware at the fab without anybody knowing.

While possible, this is unlikely baked into /every/ device. It would more likely be a /special run/ at the request of Spy agency X and targeted for a specific shipment to a particular target. If for no other reason than the fab is going to want to be paid extra for the /special service/ provided.

[turkishdelight]

He had an Anker dongle IIRC (and I run Debian or Arch, depending). I think the BadBIOS episode infected me with that security researcher's (apparent) paranoia.

[pwg]

Then you are most likely (as in 99.99% likely) simply being paranoid for nothing.

[turkishdelight]

Thank you, I appreciate this.