Remember the USB fans from Singapore that were in the news? @HackingThings and I took some more of them apart and there's plenty of potential for foul play. 
This is an older lightning port fan that @HackingThings had. No surprise there's a chip in there to speak SDQ to tell the iPhone to supply power
We hooked up a @saleae logic analyser and tried @stacksmashing's protocol decoder:
Nothing surprising or malicious there, but there's still more to look at. What about the other pins?
With the unmarked soic-8 chip off we see that 2 more pins are idle on the logic analyser captures, but actually connected the lightning conector data pins!
What does this mean? Whatever chip is in there, it's likely a microcontroller - with firmware to negoitate power, but all the hardware is there for USB connectivity. And this fan doesn't work with newer iPhones... Must need a firmware update.
But wait there's more! @HackingThings bought some new fans that did work with newer iPhones. But this one was a cost reduced version with just a SOT-6 chip:
And check it out! Even this smaller device has data pins connected!
What's this all mean? It depends.
Are these devices backdoored? Most likely not. Design for test and design for flexibility would make the same design choices as design-for-malicious-hardware-implant.
Are these devices backdoored? Most likely not. Design for test and design for flexibility would make the same design choices as design-for-malicious-hardware-implant.
Can these be reprogrammed to be malicious? Probably. It would take some hardware sleuthing to identify the chip and reprogram it as is.
Can these be hardware modified to be malicious? Absoluey. You could even find a pin-compatibme microcontroller to replace the stock chip. Or you could just make your own from scratch.
What's the moral? Implicit trust in hardware is dangerous. Finding hidden functionality in hardware is HARD. Go ahead and use USB and other hardware devices, but be aware that there is always risk involved.
