Does WP(Write Protect) pin of a USB flash memory controller prevent tampering with its firmware?
I want to have an USB stick that I can make it read-only and insert it in any untrusted PC without risking a silent BadUSB infection.
I was thinking about finding an USB stick that has this WP pin in its controller and DIY mod an external switch to it for Write-Protection.
If you have any other simple/cheap solutions to have a 32-/64gb device that can be Write-Protected, please let me know.
No.
The firmware, kind of a little OS running on the USB drive, is a mediator between the OS where the device is plugged in and the NAND flash. If you make the device write protected it means the firmware now tells the PC that it can't write to the device.
This can't be circumvented by a well behaving OS, the USB stick will just block writes. But since the firmware has bugs too malware still could work around that and write to the device possibly updating the firmware itself. On the next "boot" (unplug/plug) of the device the malicious firmware can be loaded. For real write protection you need to block writes at the NAND layer. This has a WP pin which needs to be pulled to ground (check the data sheet of the chip to be really sure).
To my knowledge no USB device with WP switch does that. You can check yourself by testing the voltage of the WP pin.
When you manually pull the WP pin to ground the flash is write protected but the firmware won't know about it. Hence you still can "write" to the device but you can't read the file back or on the next "boot" the file will be gone.
No, the Write Protection pin will not protect the USB drive from being written into, and is not there to protect the firmware from being rewritten. That pin advertises to the computer that it prefers not being written into. It's the OS that decides if will honor that request or not. On Linux, you can bypass that and write anyway.
Second, the firmware uses another channel. You don't just plug in the drive and rewrite a file. You need special software to access the firmware, dump it, edit it, and flash it back. Some USB devices need to be plugged in with special pins shorted to enable firmware rewrite. And as there are lots of different USB controllers out there, the solution only works for one controller.
So, don't worry. It's possible to automate that, but it's too difficult, there's a lot of moving parts to care of, and there are easier vectors, like replacing your files with an executable with the same name and icon...
