Is Chinese hardware from AliExpress actually risky?

I need to purchase some USB flash drives with a physical write protection switch. I’ve seen Kanguru be recommended but it is extremely expensive. I searched on AliExpress and found a much cheaper alternative from Netac. When I read about Chinese hardware online, a lot of people trash it for being risky. I’m aware that fake flash drives are common everywhere and this would be no exception but I’d assume AliExpress would need to accept a return for a faulty item.

Aside from that, the main concern I see from strangers online is that Chinese flash drives will include malware or backdoors. Is there any merit for that anxiety? I wouldn’t be surprised if some hardware has been backdoored before, but this is also the case in western countries and I don’t see those same people urging everyone to avoid American hardware companies. I haven’t done much research but it appears that Netac is a known company and AliExpress seems to be a legitimate marketplace. While I’m sure there are sketchy sellers (much like Amazon), is this Netac USB risky to trust? I’m also open to alternative suggestions.

What exactly will you be using USB drives you purchase from AliExpress for?

1 Like

Is this for live-OS?

1 Like

@ihateKYC @basenote Yes, one of my uses is to boot live operating systems off them.

I don’t think it would be an issue. Reformat it for good measure if you want when you receive it and then install a live OS on it. You should be fine.

1 Like

If it is for a live OS, you can probably set the read-only attribute using the Windows command-line tool diskpart (or any Linux equivalent) after creating the live CD?

Couldn’t that just be disabled? My reason for requiring physical write protection is to make it practically impossible for malware to infect the USB.

You can get a USB DVD reader and burn the ISOs to DVD.

1 Like

Every hardware part with DMA could fully compromise your device. So yes, it is definitely a risk, which is why it’s preferable to get hardware from a reputable hardware company and reputable seller. How big the actual likelihood of getting such a malicious part from AliExpress is, is unknown to me.

3 Likes

This might be cheaper but I wonder if the speeds are bearable?

If you were in my position, how would you go about picking a trustworthy USB flash drive with physical write protection?

Live OSes (like Tails) are more reliant on CPU and RAM speed as they run purely off RAM. Basic internet browsing shouldn’t be a concern.

If you plan on maintaining persistent storage or utilizing a lot of applications, read and write speed could impact performance depending on what you use the drive for.

2 Likes

This is my understanding as well.

There is some good advice in this thread and in this article:

Here are some tips to avoid and identify suspicious USB-C cables without high-tech gear:

Buy from a reputable seller: If you don’t know and trust the brand, simply don’t buy. Manufacturers like Anker, Apple, Belkin, and Ugreen have rigorous quality-control processes that prevent malicious hardware parts from making it into cables. Of course, the other reason is simply that you’ll get a better product — 3D scans have similarly revealed how less reputable brands can lack normal USB-C componentry, which can result in substandard performance. If you’re in the market for a new cable right now, see our top picks for USB-C cables.

Look for the warning signs: Look for brand names or logos that don’t look right. Strange markings, cords that are inconsistent lengths or widths, and USB-C connectors with heat emanating from them when not plugged in can all be giveaways that a USB-C cable is malicious.

Use the O.MG malicious cable detector: This detector by O.MG claims to detect all malicious USB cables.

Use data blockers: If you’re just charging and not transferring data, a blocker will ensure no data is extracted. Apart from detecting malicious USB-C cables, the O.MG malicious cable detector functions as such a data blocker.

Use a detection service: If you’re dealing with extremely sensitive data for a business or governmental organization, you might want to employ the services of a company like Lumafield to detect malicious cables with 100 percent accuracy. Any such service will come with a fee, but it could be a small price to pay for security and peace of mind.

And here is the OMG hardware that the article refers to.

Edit: sorry, linked the wrong URL. Please remember, if your question is answered, to flag it so we can follow it better in the forum.

1 Like

The advice in this article almost entirely applies to USB charging cables, not USB flash drives.

That is very much the question of the thread. I’m trying to determine if AliExpress is an acceptable marketplace and if Netac is a trustworthy brand, at least when it comes to not including malware or backdoors in this product.

The main question hasn’t been answered, but I’m thankful for the advice I’ve been given which could be summed up as:

  • It’s important to choose a trustworthy USB product.

  • If I need a cheaper option than Kanguru but decide not to go with Netac, I can use a DVD reader with no write ability, but at the cost of performance depending on what I use it for.

@brinerustle @KevPham Maybe this should become its own topic but I tried looking for a read-only external DVD reader and couldn’t find anything, everything is read+write capable. Is this even an option in 2025?

Go ahead and make a new post. I think this topic is mostly about USB drives anyways.

1 Like