Ask HN: How to tell if my Linux server has been infected by a mouse
7 points by tboyd47 on Jan 6, 2020 | 10 comments
Hey HN,

I recently purchased a cheap mouse online and used my desktop Linux server USB port to charge it. Is there any chance the mouse was malevolent, and is there any way I can make sure it didn't introduce a virus into the system?

Thanks!



I guess it is possible, although most likely if they are putting malware on mice they are targeting Windows.

(At first I thought it was a joke, alluding to Linux users love touch typing at 120WPM and hate using a mouse, so any mouse peripheral is an 'infection').


I'd forgotten what a mouse was and thought the OP wanted to check if a rodent was inside the box.


I used to do the following to learn more about Linux systems and how various sw components worked over long periods of time on a personal server:

  1) Create git repo, add all /usr/* /bin /sbin /etc to git.
  2) Use utilities to monitor all outgoing TCP connections to see which apps were connecting to network.

It was a fun exercise to see what components, config files were changed over time.


I think mice could easily be used to infect hardware because my Razer mouse tries to install some crapware occasionally.

I think I have only seen it in Windows but I don't know if that means Linux cannot arbitrarily execute files hosted on a mouse, or if Razer skips the install because it has no compatible crapware.


Actually, this 'auto-install Razer bloatware' behaviour is a feature of Windows itself.

The mouse merely presents itself as being from a certain manufacturer, and Windows asks the user if it should fetch the drivers (and any other bundled crapware Razer wants to load on there).

There is no installer payload inside the mouse.


I have had peripherals present on initial plugin as a USB flash drive with autorun.inf, autorun.exe. Then, after the drivers install (or you unplug and re-plug), it presents itself as a HID or other device you were expecting again.

This is extremely prevalent with a lot of smaller things, particularly noname Chinese brands. I have ordered and received things like wifi USB adapters and BT4 adapters that came preloaded with autorun malware (I don't enable autorun). Presumably because the master at the factory was already infected or something, if it isn't intentional.

Razer's might just be WU getting "official drivers", but this is 100% not part of WU, extremely common, and often available on Amazon through thousands of brand names (fake) originating from the same factory.


The other possible angle here is that it represents itself as a USB HID keyboard device and injects keystrokes.

Unlikely but possible.
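
An added example, not part of any comment in this thread: on Linux, the roles a plugged-in device has claimed (keyboard, mouse, mass storage) are visible in sysfs, so the two cases raised above, a peripheral enumerating as a flash drive or as a HID keyboard, can be checked directly. The script assumes the standard `/sys/bus/usb/devices` layout; the function names are this example's own.

```python
#!/usr/bin/env python3
"""List USB interfaces from Linux sysfs and flag roles a mouse should not expose."""
import glob
import os

SYSFS_USB = "/sys/bus/usb/devices"
HID, MASS_STORAGE = 0x03, 0x08        # USB interface class codes
HID_KEYBOARD, HID_MOUSE = 0x01, 0x02  # HID boot-interface protocol codes


def _read(path, default=""):
    try:
        with open(path) as fh:
            return fh.read().strip()
    except OSError:
        return default


def describe(cls, proto):
    if cls == HID:
        return {HID_KEYBOARD: "HID keyboard", HID_MOUSE: "HID mouse"}.get(proto, "HID other")
    if cls == MASS_STORAGE:
        return "mass storage"
    return "class 0x%02x" % cls


def audit(root=SYSFS_USB):
    """Return one dict per USB interface; 'suspect' marks keyboard/storage roles."""
    rows = []
    # Interface entries are named <bus>-<port>:<config>.<interface>, e.g. 1-2:1.0
    for iface in sorted(glob.glob(os.path.join(root, "*:*"))):
        dev = os.path.join(root, os.path.basename(iface).split(":")[0])
        cls = int(_read(os.path.join(iface, "bInterfaceClass")) or "0", 16)
        proto = int(_read(os.path.join(iface, "bInterfaceProtocol")) or "0", 16)
        role = describe(cls, proto)
        rows.append({
            "device": os.path.basename(dev),
            "id": _read(os.path.join(dev, "idVendor")) + ":" + _read(os.path.join(dev, "idProduct")),
            "product": _read(os.path.join(dev, "product"), "?"),
            "role": role,
            # A pointing device has no reason to be a keyboard or a disk.
            # Limit: a non-boot HID interface (protocol 0) can still send keys.
            "suspect": role in ("HID keyboard", "mass storage"),
        })
    return rows


if __name__ == "__main__":
    for r in audit():
        print("%-8s %-9s %-28s %-13s %s" % (
            r["device"], r["id"], r["product"], r["role"], "<-- check" if r["suspect"] else ""))
```

This only reports devices that are connected when it runs and the roles they hold at that moment. A device that enumerated one way on first plug and another way later shows up in the kernel log (`dmesg` or `journalctl -k`) as separate enumeration events.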


I thought it was standard policy in any corporate IT security department these days to warn people not to plug in any personal device whatsoever with a usb plug, even, say, a fan or coffee warmer. Is it really possible for a usb device to be too small to contain a virus?


I'm self-employed and this is a personal server. I'm looking more for advice on how to check for infection.


There is no way in principle. You could have code that sleeps for 1,000 years. I think there was an HN thread about that.



