[Noisebridge-discuss] Physical USB block

Glen Jarvis glen at glenjarvis.com
Sat Feb 20 20:48:26 UTC 2016


Punching a hole in one of the listed items, these "locks" only block the
port and can be removed fairly easily with tweezers and/or screw drivers:

http://www.amazon.com/Lindy-USB-Port-Blocker-Orange/product-reviews/B000I2JWJK/ref=cm_cr_pr_btm_link_2

Given this physical limitation, I'm still willing to purchase a device that
blocked generally but allowed me to use with an adaptor. It's not
completely secure, but is at least better than the situation as it stands
now.

Cheers,


Glen


On Sat, Feb 20, 2016 at 12:38 PM, Glen Jarvis <glen at glenjarvis.com> wrote:

> I don't think there is any secret that USB attacks are completely feasible
> and impossible to detect after the fact:
>
>
> *
> http://www.extremetech.com/computing/187279-undetectable-indefensible-security-flaw-found-in-usb-its-time-to-get-your-ps2-keyboard-out-of-the-cupboard
>
> * https://srlabs.de/badusb/
>
> *
> http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html
>
>
>
> Often we miss the low-tech more obvious physical solutions to problems.
> For example, this solution is a perfect low-tech solution to Webcam hacks:
>
> http://www.amazon.com/Black-Slider-Webcam-Cover-Professional/dp/B018N0LCNM
>
>
> I have a MacbookPro that I keep reasonably secure (well, as reasonably as
> one can without controlling the OS yourself and without the ability to
> completely trust Apple's security).  Within those parameters, I would like
> to block my USB Devices.
>
> I know that I can physically block my devices with a tool such as these:
>
> *
> http://cdn.opentip.com/Electronics/Lindy-Usb-Port-Blocker-Pack-p-1971183.html
>
> *
> http://www.kensington.com/us/us/4483/lock-anchor-points-accessories#.VsjNYZMrJE7
>
> [It's not clear to me, however, how easily I could remove the USB block
> with the provided keys. Or, if what I'm about to explain below is already
> solved in the above solution.]
>
> I would like is a device that would allow me to take my tin hat off when I
> want to. For example, a physical block like above that would allow a
> connection into it and pass the connection to the USB port inside.
>
> Physical keys (although they can be picked) generally allow only one
> physical connection to perform a function (turning the lock). Is there a
> USB Port blocker like above that would take it's own unique insertion,
> passing the connection through the blocked USB device.
>
> I would wish to use the device by placing it (as an adaptor) on a USB key
> that I trust and then plugging that into the port blocked device. This
> would allow some of the convenience of using USB as long as one had the
> connector that would convert a USB to be connected to the blocked port.
> This would allow a moderate increase in physical security -- at least one
> would need to remove the blocked port and bypass the adaptor key to plug in
> a USB device.
>
> In summary, my macbook USB ports would all be "port blocked" with a plug.
> And, each time I wanted to use USB, I simply took out my adaptor key,
> placed it on the USB device in question, and then inserted it into the
> "blocked port".
>
>
> I am surprised I can't find this device to purchase. Has anyone found
> someone like this?
>
> If not, would someone start a kickstarter, make a million dollars off this
> idea, and make a similar device that I can purchase :)   Tell me where to
> sign up. :)
>
>
> Cheers,
>
>
>
> Glen Jarvis
>



-- 

Machines take me by surprise with great frequency.

--Alan Turing

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.>+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++.<<<<<<<<<<<<<<<<<<
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.noisebridge.net/pipermail/noisebridge-discuss/attachments/20160220/978849c8/attachment.html>


More information about the Noisebridge-discuss mailing list