What kind of rights or permissions does a USB dongle have when plugged into the router?
For example, say you plug in a LTE dongle from Huawei, you just never know what backdoors there might be hidden. Is it possible for them to have code executed with root privileges as soon as its plugged in?
yeah.. but what do you mean?
If you're implying that the routers are also made in China and that they might have backdoors too.. how would the routers have backdoors if you flash them with OpenWRT?
Otherwise please clarify what you mean from the questions i have asked in the original post.
I mentioned the brand Huawei, because most of the USB 3G/LTE dongles out there come from them.
But was wondering about what kind of rights or permissions does a USB dongle have when plugged into the router? and if its possible for code execution as root user as soon as plugged in?
I think I understood the first time; but thanks for more clarification. No USB drivers whatsoever are installed by default in most OpenWrt devices. It should do nothing...in some devices, it won't even get power at that point of insertion.
"It" is not a user, "it" is a device
It is not a running program (which is ran as a user)
Even as USB, it should be the serial equipment you send commands to (I cannot remember Serial terminology at this point) - the router is the "terminal"
All devices are enumerated on the Linux filesystem
So root would be the user that could access the device
After installing the correct software, of course
I'm also referring to the device, not the provider.
Really (then how does it connect to their towers )...well if you believe that, then you should have no worries!
Dongles do not execute code on your router. The kernel drivers (provided by OpenWrt) communicate with the dongle by a binary protocol.
A dongle can of course intercept your Internet usage and "call home" to the manufacturer or any other site. The overall concept of OpenWrt or any router is to consider everything on the wan side of the firewall to be un-trustworthy.
I understand your sarcasm here...but tell me what you mean by this then:
I dont know how Huawei/other companies use our ISP to give us internet, so can you explain what you mean here? because i clearly dont understand.
If you are saying that i should worry about my connections being spied upon by companies like Huawei, why does that matter if you use a VPN/TOR from a PC? Why is being worried about the USB dongle having a backdoor used to do other potential type of LAN or internal network spying and other potential LAN device break-ins less important than WAN spying?
Tell this to Apple... But to play along, I will just say it's much easier to have that code preloaded in the design instead of "forcing" Foxconn to inject it at the right place so it's undetectable. Also this is not only about code, much easier to do it in silicon instead...