It depends what your needs are, and what your definition of “secure” is…
- Are you the only one with access to the USB ports?
- Are the ports going to not be left unattended for long periods of time?
- Will the devices being plugged into these ports be the same devices that are known to you?
If you answered no to any of these, maybe you should reconsider your security model…
I read this article, and I don’t know how much I agree with the phrase “This firmware itself isn’t actually a normal piece of software that your computer has access to.” in the article…
(It actually is a piece of software that your computer has access to!)
I’m all for simplification and paraphrasing, but if it turns the content into something that’s completely untrue, then I don’t know how comfortable I am with it…
"When you connect it to your computer, it could send keyboard-press actions to the computer as if someone sitting at the computer were typing the keys. "
Yes, I have a rubber ducky that I use to rickroll people. (Disable their keyboard, open Rick Astley - Never Gonna Give You Up, and turn the volume to 100%). Don’t worry, I fix their computer afterwards…
“A connected device could function as a USB Ethernet adapter and route traffic over malicious servers.”
Yes, that’s true, which is why you should be wary of any USB flash drives with a big blue CAT6 cable extending from them and out the window down the street!
No, but seriously, this is a real thing, and is a problem if your computer has been configured to automatically interface with these devices. Unlike other OSes that are built around convenience above security, Qubes OS doesn’t do this by default, so it’s somewhat mitigated.
" A modified storage device could function as a boot device when it detects the computer is booting, and the computer would then boot from USB, loading a piece of malware (known as a rootkit) that would then boot the real operating system, running underneath it."
This is a real thing. The solution is to unplug devices you don’t know from your USB ports when you boot
As @necker said, much of what you’re conmcerned about is at the software level, namely Qubes OS. Thankfully, the devs have done an amazing job at mitigating these threats.
Take the USB hub to an airport, security checkpoint, or freight hub and ask for a copy of the X-Ray image, maybe?
All you are likely to see are CHIPS ON A PCB. Unless some evil person has stuck additional components inside the case with duct tape, it’s highly unlikely that you won’t be able to tell unless you run current through the chips and read them…
Why are we telling you this?
I’m trying to help you put everything in perspective, so that you can better understand the threats, and therefore be better prepared for them (and in turn, hopefully less stressed).