This has been around for a while, and given the vulnerabilities in USB stacks and OSes is somewhat dangerous. When it appeared over at Reddit someone called it a "USB glory hole."
Same thing applies to chargers in public places. You never know whether it's just a charger.
For chargers, yes. For getting data of a "dead drop", obviously not, and also not if someone connects high voltage or something crazy like that. Or someone manages to exploit the power management system by turning power on and off in just the right way, but that seems far-fetched.
Are there any kind of restrictions or requirements that would ensure that a random embedded USB flash drive in the side of a wall in a dark alley would not contain BadUSB exploits, keyloggers, etc.? I kinda assumed initially that this was an extension of the creator's original art project, but it seems like people are actually using these--the security concerns far outweigh the novelty, in my mind.
I'm going to assume that there's no way for the creator to enforce this, anyway - but is there any way to access one of these without endangering your machine? I'd rather not use a burner-laptop every time I try to see what's on these guys.
I'd say it's pretty risky either way, but you could insulate yourself from risk somewhat by using a raspberry pi with a fresh image on the SD card each time.
Also, if it's possible to run a raspberry pi from a write-protected SD card (and assuming that SD-card write-protection hardware switches are actual hardware disables not something that just sets a flag that the software can ignore), then you may not need to clean the SD card every time either.
I would assume that it's possible, especially with a Linux laptop, to prepare a USB port to simply mount a drive and not do any of the other magic (like installing human interface devices, or whatever) that leads to vulnerabilities.
Assuming you could get a secure USB controller. It should be possible to tell the OS to only allow a USB Mass Storage device to connect on a particular bus for a particular period of time.
For a more interesting project that resembles a "anonymous, offline, peer to peer file-sharing network in public space" -- but is in fact much more useful, see Edgenet:
• LibraryBox [1] is an open source, portable digital file distribution tool based on inexpensive hardware that enables delivery of educational, healthcare, and other vital information to individuals off the grid.
Seeing as this project is 5 years old, I'm curious how many of these are still functioning? None, I would guess, since it seems like more of an art project... but still, I'm a little curious. Is anyone close to any of these that could test them out?
Same thing applies to chargers in public places. You never know whether it's just a charger.