[Noisebridge-discuss] Physical USB block

Glen Jarvis glen at glenjarvis.com
Sat Feb 20 20:38:54 UTC 2016

I don't think there is any secret that USB attacks are completely feasible
and impossible to detect after the fact:


* https://srlabs.de/badusb/


Often we miss the low-tech more obvious physical solutions to problems. For
example, this solution is a perfect low-tech solution to Webcam hacks:


I have a MacbookPro that I keep reasonably secure (well, as reasonably as
one can without controlling the OS yourself and without the ability to
completely trust Apple's security).  Within those parameters, I would like
to block my USB Devices.

I know that I can physically block my devices with a tool such as these:



[It's not clear to me, however, how easily I could remove the USB block
with the provided keys. Or, if what I'm about to explain below is already
solved in the above solution.]

I would like is a device that would allow me to take my tin hat off when I
want to. For example, a physical block like above that would allow a
connection into it and pass the connection to the USB port inside.

Physical keys (although they can be picked) generally allow only one
physical connection to perform a function (turning the lock). Is there a
USB Port blocker like above that would take it's own unique insertion,
passing the connection through the blocked USB device.

I would wish to use the device by placing it (as an adaptor) on a USB key
that I trust and then plugging that into the port blocked device. This
would allow some of the convenience of using USB as long as one had the
connector that would convert a USB to be connected to the blocked port.
This would allow a moderate increase in physical security -- at least one
would need to remove the blocked port and bypass the adaptor key to plug in
a USB device.

In summary, my macbook USB ports would all be "port blocked" with a plug.
And, each time I wanted to use USB, I simply took out my adaptor key,
placed it on the USB device in question, and then inserted it into the
"blocked port".

I am surprised I can't find this device to purchase. Has anyone found
someone like this?

If not, would someone start a kickstarter, make a million dollars off this
idea, and make a similar device that I can purchase :)   Tell me where to
sign up. :)


Glen Jarvis
