After reading the article in the link below, I immediately thought of all of those SDR Dongles being ordered from China. Have a read.
Why the Security of USB Is Fundamentally Broken | Threat Level | WIRED
The funny thing is this really isnt anything new.
Ever since USB and flash memory became popular and cheap to manufactuer this has been a possibility.
All it takes is a firmware re-write containing malicious software, or an additional eeprom added to the circuit. It can be done on anything, not just USB, but even memory cards if really desired. (think of the kingston or other brand usb mass storage that had software tools for encrypting hard coded into their firmware chip. the app would show up in the file system no matter how many times it was formatted.
Western digital is famous for that on their USB hard drive firmware. the backup utilities are always there, however remove the hard drive and plug it directly into a sata port, no utilities, they are stored on protected flash memory with the firmware. Some flash is broot force accessable. Remember the good ol ebay memory cards that seemed too good to be true for the price. Buy an 8GB card, PC shows it as 8GB, and you still cant fit more than 250MB on it. No matter how many times it was formated. It was spoofed in the flash and not erasable.
I had heard reports of keyboards, even back int he AT era that had keyloggers installed along with their rom chip. Not sure how true it was, but it is possible. All it takes is an eeprom, microcontroller, or protected flash memory and a bit of ingenuity.
The thing I want to know, is how long has this been going on before the security gurus figured it out,... probably since the dawn of USB.
Now someone in the malware security sector needs to start adding algorithms to check proprietary firmware on USB and other devices for malicious firmware.
