As someone who is naturally good at recognizing risk and who are striving to maintain a wholistic view on security, I’m wondering how to evaluate and reduce the risks of hardware accessories (I.e. charging plug-ins, Thunderbolt cables), specifically peripheral or generic devices imported from a company other than the manufacture of the primary device (I.e Apple).
Obviously, any time you use third-party hardware there is some small degree of risk they contain physical or digital spyware. This is true 100% of the time unless you built the hardware yourself. There are cases of physical and digital spyware in both big-name U.S. manufacturers and foreign manufacturers.
It’s usually safer to order an electronic accessory such as an iPhone charger directly from the manufacture, and the risk increases when using third parties and further with resellers.
I’m not sure how large the risk when using a third-party iPhone charger is, but it’s a serious enough risk if you’re serious about security that you should at least recognize it since it will have physical access to your phone, and potentially to your computer and whole network. The obvious risk is that it could install rootkits, I’m sure there could be more.
What are the risks of using third-party electronic accessories and how do we mitigate them?