Secure USB hub options?

I have a 10 port USB hub I’m using to connect yubikeys, and such. I know for a fact the computer and USB devices connected are secure, but I’m not certain the hub is. It’s whatever Amazon offers from their product line.

Is there anything along the lines of Purism for hubs?

What is the perceived threat vector? Evil maid? Or pre-installed malware in a usb hub?

Regular USB hubs are pretty simple devices…they aren’t “smart” so there shouldn’t be any sort of wizardry on the circuit board. Most are made as cheap as possible…even many fancy ones are cheap insides with nice outsides… For that reason I typically use USB hubs if absolutely necessary…and never for any sort of data or vital devices… nothing like a mess when the hub unexpectedly disconnects…

As for threat of malicious actors hacking your hub when you aren’t looking, maybe you can get a USB power meter to check power draw with and without things plugged into it as a baseline. If it’s drawing excessive amounts of power all of a sudden it could be a clue of tampering or early sign of failure.


There is always a good old fashioned tear down big Clive style.

Not sure if Purism, tampers with the firmware? If they do, making something like that for any usb device would be folly. The protocol was never considered that secure. For good reasons to, usb has a lot more disadvantages when it comes to any kind of security. Thunderbolt is a nice replacement though, as it’s considered a way more secure device in terms of firmware & hardware.

There is a brand called Anker, that sells usb-hubs and loads of other usb-based devices. But tampering with the actual firmware as to heighten security is usually not included. What such brands usually do is to pick a certain, very stable or popular chip and base the device upon that.

Link to Anker devices:

I just mean Purism has a secure shipping, and verification of no tampering service you can buy. It’s for checking if the NSA or some state actor fiddled with your device.

1 Like

Going to have to figure out how to get in. Probably need a spudger to pry the plastic bottom open.

Yeah, evil maid. Something with a chip added to the board that sends data home.

I am locking down this computer with Qubes to only access specific addresses, though. Have an entire security onion.