Topic: USB port blocker (Read 534 times)

Yup, you and me!
But we're not spending time at a cafe all day looking for phones and laptops to grab and rush out of it in one second!  I knew a few guys back in the days who although didn't even own a car knew with just a quick look at how each car had its mirrors fixed and how long it took to grab them and the price for it!


No, there is no such thing, or my kid doesn't have the latest firmware! 
The spouse yes, the kid, damn I'm learning every day there is no such thing, and if he can't grab it access it play with it he will just break it! 
We initially had those so-called baby locks on the power sockets that look just like this one, we ended with cover boxes!


Ok, so I might have got this wrong from the start, thus reaching the wrong conclusion but are those things unique like keys or it's just one universal tool that can unlock 1000 of those Lindy keys?
I had the impression is just a simple usb shaped piece of plastic that has the same locking mechanism and shape for every single one of those. Then it still makes no sense, if somebody is waiting around with a stick full of malware he will have the $20 key also, right?

That makes sense, unlike the Kensington opening, USB ports aren't designed to be locked on the inside. This feels like a highly overpriced product anyway, it should be 20 for $2, just like camera covers.

My kids know my desk is off limits

This guy on YouTube says he bought his device with a USB port blocker and was able to remove the blocker using a slightly bent paper clip. He bent the paper clip like a hook and pulled the blocker out. I am not sure how long it took him, but he destroyed the plastic cover at the top of the port blocker while doing it, so I guess it's not as easy as it looks. Still, looks more like protection from your children and not a patient attacker.

https://www.youtube.com/watch?v=zTxgj4Zz8Ig

Wouldn't a much better solution be if your computer doesn't do anything without your approval? I know USB is designed to be "Universal" and "plug and play", but it's much safer if your computer doesn't start anything when a connection is made. Manually mount a drive when you need one.

Isn't this a movie thing? Someone plugs in an USB stick, and all data on the screen starts animating towards the stick

I still prefer to stop physical access at a much larger scale, for instance with a lock on a door. Once they've gained access to your computer, you're kinda too late already.

QR-codes are limited in size:
I thought resetting passwords by removing the CMOS batteries was something from last century.

If the separation between users on your OS is so crappy you have to worry about hardware being added, there's a much bigger risk coming from anything they download from the internet.

Yeah this would work with my wife and prevent errors on her part. It also could delay a quick break in thief as he or she may not want to take the time to figure out what you did and look in your bedroom for cash or jewelry

Was thinking about it a bit and actually came up with one very small possible use for it. To prevent people from doing something stupid.
i.e. you have a PC at your house that others (spouse, kids, whoever) have access to. If the you have no use for USB ports but don't want to shut them down in BIOS but don't want the risk of someone plugging something in then these things would work.

But, over the last couple of weeks this is the ONLY thing I could come up with.

-Dave

Yeah, my bad, I shouldn't have asked what they're protecting against but more like why do you even need that protection?
It still looks like a "anti tiger rock" to me!

Let's assume you have sensitive data, important data, and your laptop is used to gain access to more sensitive data, why in the name of god would you leave that around with people able to walk by and temper with it? Are you in a cafe, on a trip, just put the damn thing in its case while you walk away, the chances of somebody actually running with it are far higher than some secret agent following you 24/7 and waiting for that moment. Are you concerned about this happening at work while you leave your device alone for a coffee break, for going to another department etc, then your company has a ton more problems than this!!!

But we started this from guys that don't walk with nuclear codes and more with the concern of our Bitcoin funds.
Now,  why would you have your wallets on a laptop you're in a habit of leaving around?
Somebody who would try to follow you around to do that will likely just rob you when you're alone rather than follow you 24/7 and leave his face on 1000 security cameras all over town.

For some guys it might be a solution, but for your average Joe who carries a few mbits in his wallets and wants protection is just overkill.
Besides, it might actually trigger more unwanted attention!

You can have non-persistent storage on the tails and still copy the Electrum APP image, open your electrum wallet by importing seeds, perform the offline transaction signings etc and once your done, shutdown the tail. Now next time when you open the tails, you have to repeat the same procedure as you selected non-persistent storage.

If this seems a hassle, (if you often want to sign transactions), you can also make it a persistent storage and protect the tails OS by a strong password. It would still be a safe cold storage because it never touched the internet.



You just need a 8GB USB with a free tails OS and your airgapped device is ready almost for free.

I would imagine that this is a worthwhile investment for an airgapped device considering that malware can get in though USB ports. Good to know about these blockers

But,
1. If you bother read Tails documentation further, there's also different page dedicated about issue related with graphic card (https://tails.net/support/known_issues/graphics/index.en.html).
2. Reinstall / upgrade Tails version doesn't guarantee it can solve the problem since the problem is hardware incompatibility.
3. If you copy Electrum Appimage to USB, that means you either create persistent storage or manually create additional partition.


These days Windows let you perform USB whitelist/blacklist. Although it's not as user friendly as software you mentioned.

If you have just some BTC in your wallet, simple hardware wallet will be ok. You can also look in expert level here - https://sparrowwallet.com/docs/best-practices.html. USB port locking software - https://www.gilisoft.com/product-usb-lock.htm - ~0.0019 BTC/lifetime.

Well, when i read these Known issues, the most common one is "Tails not starting at all", this won't be a problem for us because we are not making tails persistence storage. So if somehow your tails USB is unable to load the OS, becomes corrupt etc, you can reinstall tails to the same or a new USB.

Secondly, the Tails OS do not come up with an updated Electurm version but we can download the Electrum Appimage for Linux from https://electrum.org/#download and copy this image through the USB to the Tails. The tails remain airgapped as we never enable the Internet on Tails.

More or less to prevent attacks from these kinds of devices: https://shop.hak5.org/products/usb-rubber-ducky
If you come after me with a $5 wrench it's all known and there really is not much that can be done.
If you deploy a payload with one of those devices it could be a lot more difficult to figure out what the hell happened. And how to stop it from happening again.

-Dave

What's the point of these devices?
As far as their description, they would prevent connecting Pen Drives, Tablets and other USB to your computers....

Am I just stupid to not understand this but how is a stranger going to force his way to your computer, and how is a piece of plastic going to stop him?
- laptop in a cafe, that guy is going to run away with the damn laptop not do a 007 while you're farting your frappucino in the bathroom
- computer at home, so after breaking your door, stealing your watches and jewelry he will sit down, open your computer, perform a malware scan so his own malware is effective and then leave quietly and not touching your wallet at all.

Phil mentioned a set of pliers, but forget those one $10 wrench in the hand of a 120kg guy and you're going to undo every encryption yourself in seconds and that usb port is going to be the last hole you're worried about.

It's been around since at least 2011. So we are talking PCs that are 12+ years old at this point.




The problem you run into is that the PC has to have the PS/2 port 6-pin mini-DIN ports. Otherwise when you disable the USB then you don't have a keyboard.
Makes it REALLY hard to do stuff. So if you don't have the PS/2 ports a lot of times the bios does not give that option.

Sometimes is does have the option of only allowing USB for keyboard / mouse but that has it's own security implications.

-Dave

Only the BIOSes for enterprise computers have that I think, like hp pro and Dell Optiplex. I have never seen such an option to disable the USB ports on BIOSes for consumer desktops or laptops. Also I think it's a relatively new setting so it probably won't be on some workstation from 2008.

 a wallet with some cash say 20-35 bucks  -> Phone with hot wallet
 a money clip with more cash say 80-120 bucks -> PC with some basic security
 a hidden pocket with more cash say 300 to 400 bucks  -> Hardware wallet
 Everything else you left in a secure location like a safe -> 2nd hardware wallet that only the people that need to know actually know about.

Side note, I know someone who created one of those fake scam wallets that are floating around, and it's on her PC that is the one she uses for day to day stuff. So if someone knows she has crypto, and gets to that PC to get the wallet.dat file they are actually getting a figment of her imagination.

-Dave