On Sun, Aug 26, 2018 at 12:31 AM, Dirk Gottschalk <dirk.gottschalk1...@googlemail.com> wrote: > This is a really interesting question. But, does this really matter > got an USB device? If there is a program on your computer, which > interceps the communication, the security of you system is already > broken.
I am more thinking about a hardware attack. If the communication is not encrypted, this opens another attack vector. For comparison, think about [key loggers][1]. Putting a hardware logger somewhere between the USB peripheral device and the computer is potentially easier and quicker than tampering with either the peripheral device or the computer. Background: I want to put my SCM SPR332 v2 card reader into a different enclosure, so that it’s more portable for [use with my mobile phone][2]. The very long cable also needs to be replaced. One option is to add a USB port to the reader so that arbitrary cables can be used. This thought coincided with me reading about [doctored USB cables][3]. I don’t want to be required to trust three devices: phone, reader, and now cable [1]: http://www.taz.de/!5307828/ [2]: https://gist.github.com/feklee/92f76d2c8a7cabc477360d82b5305c19 [3]: <https://www.heise.de/security/meldung/USBHarpoon-Gefaehrliche-USB- Ladekabel-vorgestellt-4142285.html> _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users