Layers. Ogres have layers (look up the movie quote, it's funny). You need to learn about layers. Seriously, your questions are making less and less sense, because you first need to understand a little bit about how storage devices (disks) and file systems work.
At the bottom, there are storage devices (like disk drives and USB sticks). They are typically connected via interfaces like USB or SATA. The operating system exposes them as devices, for example "/dev/da1". The only thing one can do with these devices is read or write "blocks" (often called sectors), with typically block sizes being 512 and 4096. The device driver for these devices is the thing that connects the physical piece of hardware to the computer's operating system, and takes read and write requests on /dev/da1 and executes them against the hardware.
Obviously, all modern storage devices (whether they are spinning disks or flash storage, whether connected via SCSI, SATA or USB) has internal firmware. For the purpose of this discussion, that is irrelevant: the storage device itself can only store blocks of a fixed size, and those blocks can only be read or written.
A storage device itself has no concept of modification time. The USB or SATA driver doesn't think about modification times or access time or owner or permissions or anything like that. As you wrote, the permissions that are set by the operating system make it so only root can read or write these devices. In practice, that matters very little, since block devices are very rarely used directly by programs (the rare examples are things like gpart
).
How do you access a block device? You can use the low level API (open(), read(), write(), close(), and so on), or the high level API (fopen(), fread(), fwrite() ...); those two are in effect the same, since the higher-level API simply uses the lower-level one. In C, just do "fd1 = open("/dev/da1", O_RDWR)" or something like that, and you get a descriptor you can read and write to. On OSes where there is a difference between block and character devices, you can only read some of them in multiples of the block size and on block boundaries; FreeBSD doesn't make that distinction.
The next layer up is the file system. It is usually inside the kernel (although there are userspace file systems, such as the ones that use the FUSE kernel adapter). Sometimes people call the file system code the "driver", which isn't all wrong, but also not particularly helpful. Because it is in the kernel, it doesn't have to worry about things like permissions. It takes one (or more) storage devices and exposes them using file system interfaces, using user-accessible objects like files and directories. Being in the kernel, it can expose these objects with interesting ownership and permissions. The file system implements these objects having attributes, such as files typically having names (there is not always a 1-to-1 correspondence between files and names, but usually), having permissions and owners, and then the modification and access times you talk about. So the piece of code that implements a specific file having an mtime or an atime is the file system, and has absolutely nothing to do with USB, SATA, or the block device. Now, the various attributes (like names, permissions, times) need to be stored somewhere, which is in blocks of the underlying block device, just like file data.
You can also access file with the same APIs, using open() or fopen(): "fd1 = open("/home/ralphbsz/testfile.txt", O_RDWR)" and so on. Again, they amount to the same.
The file system has rules about when the time (a.k.a. modification time) and time (a.k.a. access time) of files and directories are updated. For example, if you open it with O_RDWR and write to it, the mtime will be updated. If you open it in any fashion and read from it, the atime will be updated. There are borderline cases (like for example: you open for RDWR, but then only read), and directories also have time stamps, and I can't remember which time will be updated in which case for those. If you really need to know, the POSIX standard is online and defines this super accurately.
As SirDice correctly pointed out, people who are criminally insane can read and modify file content by reading and writing the storage device directly, and that will obviously not modify any time stamps. They could even do crazy things like reading file system metadata (like the mtime!), and with enough evil intent even modify it. People who do this are either nuts and need to put into an asylum, or a geniuses and need to be given an award, or both. In practice, this just doesn't happen.
Last hint: On nearly all file systems, you can turn of atime (access time) updates. This makes sense, because then just reading a file doesn't change the state of the file system, and it makes things much more efficient. The atime is really an artifact from the bad old days when we didn't have real HSM systems, and is rarely needed today, so one should turn it off. On some file systems you can even turn of mtime updates; that doesn't give you much extra efficiency, and seems like a dubious idea in general.