There was a presentation at BlackHat 2014 named “BadUSB - On Accessories that Turn Evil”, which showed that it’s easy to infect the firmware of USB-Sticks and other accessories to attack the computer without physical access to the hardware.
Now to my theoretical question: imagine a script kiddie who sells their used Model 01 but has flashed a malicious firmware just for laughs and giggles.
How can I as a user protect myself from that?
- would flashing a new or old version of the firmware when first using the used Model 01 eliminate such risks?
- could malicious firmware prevent flashing of new firmware by lying that a new firmware was sucessfully flashed?
- would using a passive (or expensive active) USB to PS2 adapter prevent such an attack vector?
EDIT: more detail about the attack: https://arstechnica.com/information-technology/2014/07/this-thumbdrive-hacks-computers-badusb-exploit-makes-devices-turn-evil/