@tns1 wrote:
It is not that hard to design a system with one or all of these attributes and cost maybe 25c more: Code is write protected, code can be verified, and/or can be restored to factory condition regardless of what it is currently running. Lots of products exist that can do these things. Not totally hack-proof but less reliant on “security thru obscurity”.
If you can think of a way to do that over USB, you should patent it and become very rich.
USB is a networking protocol between two computers (host and device). Trying to figure out if one of the devices is malicious is the same problem as trying to figure out if a computer on the internet has been hacked. This is a very difficult problem to solve because all you can do is ask the computer if its been hacked, and of course, if it has been hacked it will simply lie. Likewise you can ask it for a copy of the firmware it is running… but if its been hacked it will simply give you fake firmware. Without taking apart the memory stick, there is no way to know if it is lying, and few people want to unsolder memory chips to figure that out.
