Virtually any USB, IDE, SATA, Parallel or PCI(e) device can be made into a malware conduit. If you're that paranoid (or that high a profile target), suggest you avoid any electronics with VLSI circuitry.
It's risk vs. reward-- Reward for hacking Arduinos at the factory is minimal, risk for the factory is huge. Look at what Huawei is being subjected to, at least partly because they're a competitor to western companies-- but also because there have been examples of code spying by manufacturers, and it's always ended badly for them.
Similarly, code can be compromised, but you probably can't get low-level enough on the USB port with stock Arduino libraries to achieve anything truly malicious, and NOT using stock libraries is a huge red flag.
My opinion as an IT guy with 30+ years' experience is that the risk from Arduino is "low". Your cellphone, your Gmail account, your Amazon account, are all tracking you much better than Arduino could ever manage.
Also, my opinion is that "cloud computing" simply means "someone else's computer". The level of trust available for cloud computing is roughly zero, because you have no way of auditing their code, their logs, or knowing what security practices they have in place.
Paranoia isn't unreasonable in this day and age-- but you have to be careful not to let it get out of hand. Ultimately, what the Snowden / NSA dump proved is that if a nation-state wants to target you, the odds are in their favor, so if there's anything you don't want the government or others finding out, don't put it on a computer on the internet.