I would like to understand the rationale behind Qubes 4.3 disallowing opening drives in sys-usb? This was possible in prior Qubes OS versions. I was under the impression that it is more secure to copy a file from a drive attached to sys-usb rather than attaching that same drive to an AppVM. Was I wrong? What are the risks of allowing sys-usb to mount drives as described here:
Hi.
sys-usb has generally PCI USB controllers attached to it. Which could have more than one port. Let’s assume user connects a trusted USB drive (e.g. containing some sensitive files) to one port. In the same time, another port has some malicious HID controller or network controller attached to it. O.MG cable is one of such covert data collection and exfiltration devices. In such scenario, the exfiltration device would be hypothetically able to mount & read sensitive information from that drive and send it to bad actors.