Usbkill Script Can Render Computers Useless

The new tool is a small Python script that users can download and run on any machine. The script then will monitor the machine for any changes in state on the USB ports, like when someone removes or plugs in a USB drive. If a state change is detected, the usbkill script then will disable the machine immediately.

[adsense size='1']

A developer who uses the name Hephaest0s released usbkill on GitHub recently, and the tool could have a wide range of uses, especially for anti-forensics applications. The usbkill script could effectively prevent analysis of a machine. In an email, the developer said usbkill is designed for some specific threats.

“Usbkill keeps watch on the computer’s usb ports, and if any change is observed it will shut down (kill) the computer. This means that if you add or remove a usb drive, the computer (running usbkill) will immediately crash,” Hephaest0s said.

“For additional security one might attach a usb key to one’s wrist (using a lace) and plug it into the computer, to start the usbkill program ofter the usb is inserted. If your computer is forcefully removed from you, the usb attached to your wrist will likely be removed from your computer, killing it. This essentially means you have a usb-dead-switch for your computer.”

The usbkill script has anti-theft, as well as anti-forensics, applications.

“In case the police comes busting in, or steals your laptop from you when you are at a public library. The police will use a `mouse jiggler’ to keep the screensaver and sleep mode from activating. If this happens you would like your computer to shut down immediately,” Hephaest0s wrote in the documentation for the usbkill script.

The possibility of needing to protect against forensic examination of a laptop has become quite real in recent years for many people. Security researchers, political activists, journalists, and many others can find themselves subject to laptop seizures or searches at various times. Depending on the country, legal issues could arise from using a tool to modify a machine to prevent forensic search, but for users who are mainly worried about theft, usbkill is a new option to make laptops useless to potential thieves.

[adsense size='1']

“In case of false alarm you’d like to recover your files. This is not a problem as any files you saved on your computer will still be there once you re-start your computer. But, unsaved changes remain lost. Do note that your hard drive should be encrypted when using usbkill. Hard drive encryption can easily be turned on using, amongst other alternatives, windows bitlocker, apple filevault or linux luks,” Hephaest0s said by email.