I have a question. The only way to ask it is with a hypothetical example.
Lets say a person lives in a country we can call this place Arstotzka just for the sake of the example. And a person buys online a microphone to use for talking to people securely on Qubes with.
So in Arstotzka they learn about this online order and they intercept this microphone before it reaches the home of this person. And they replace the usb microphone with various things. Maybe firmware. Maybe even some sort of device hidden in the USB area.
Here is what I wanna know. What options do people in such a situation have in this case?
I came up with a few ideas my self. But all my ideas are hypothetical and I wanna clarify with you all to see if any of my ideas might work.
They buy a USB microphone at a store they trust reasonably enough to sell clean USB microphones?
They cut off the USB part at the end of the Microphone and use a sodering iron to attach a new USB attachment at the end which they know is clean?
They use a disposable usb vm which will only allow the attached VM to be compromised but prevent dom0 from being compromised. Is that right? Is qubes secure enough that it would stop a compromised microphone from reaching dom0 and compromising it? I was reading in notes somewhere that the new version of qubes coming will have new security for audio so I was not sure if maybe… microphones are not as air tight secure yet?
Similar to above, just use Qubes as is because actually its already setup so secure that even if there was BadUSB or a bug in the microphone it self its… it can’t compromise dom0?
Take something that can conduct electricity and apply enough electricity to burst any bugs in the microphone. And hope they don’t also ruin the microphone part it self?
Attach a USB Adapter they know is secure to the USB microphone and then to the Qubes computer?
Try to figure out how to plug in a analog microphone into a Qubes computer? I don’t think Qubes can do this yet though. At least I tried and it didn’t work.
These are all the ideas I could think of. I hope this thread is useful to some of you and someone has some ideas and can help me understand this better.