Chrome OS takes steps to block ‘Rubber Ducky’ USB attacks

Google is making Chromebooks less susceptible to sabotage via USB port

The Acer Chromebook 14 for Work with the lid closed

Google has said it will allow users to disable the USB ports on their Chromebooks when the screen is locked, in an attempt to counteract the problem of hackers exploiting the tech to infect a machine with malware.

USB ports may have provided the world with a very easy standard of sharing data, but they have also given hackers an equally easy opening, provided they have physical access.

Advertisement - Article continues below

These so-called "Rubber Ducky" attacks involve inserting a malicious thumb drive into a USB port, which tricks the computer into believing it is a keyboard, which then runs malicious commands. A number of variants of this nasty trick have emerged over the years, including BadUSB, PoisonTap, USBdriveby and USBHarpoon.

There's one surprisingly simple fix that eliminates the problem in one fell swoop though: if a hacker has to have physical access, then it makes sense that the computer's owner can't be around at the time. With that in mind, simply disabling the USB ports when the computer is screen locked sidesteps the issue. In other words, when the computer is unattended, it simply won't read any USB devices connected until it's unlocked again.

This is the approach that Apple took with an update to iOS last year, and now it looks like it's coming to Chrome OS. As spotted by Chrome Story, an update to the operating system's Canary build gives users the option to disable USB ports when the screen is locked. Users can enable it by modifying the Chrome OS flag: chrome://flags/#enable-usbguard

Helpfully, the USB ports will only be disabled for new devices so if you've started a big file copy and left your Chromebook unattended, you won't come back to find that its given up halfway through.

USB Guard is currently in the Canary build of Chrome OS, but you would imagine it'll emerge in a stable build of the operating system in the very near future.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now

Recommended

Visit/security/355013/10-quick-tips-to-identifying-phishing-emails
Security

10 quick tips to identifying phishing emails

16 Mar 2020
Visit/business-strategy/mergers-and-acquisitions/354941/panda-security-to-be-acquired-by-watchguard
mergers and acquisitions

Panda Security to be acquired by WatchGuard

9 Mar 2020
Visit/security/internet-security/354417/avast-and-avg-extensions-pulled-from-chrome
internet security

Avast and AVG extensions pulled from Chrome

19 Dec 2019
Visit/security/354156/google-confirms-android-cameras-can-be-hijacked-to-spy-on-you
Security

Google confirms Android cameras can be hijacked to spy on you

20 Nov 2019

Most Popular

Visit/security/privacy/355155/zoom-kills-facebook-integration-after-data-transfer-backlash
privacy

Zoom kills Facebook integration after data transfer backlash

30 Mar 2020
Visit/infrastructure/server-storage/355118/hpe-warns-of-critical-bug-that-destroys-ssds-after-40000-hours
Server & storage

HPE warns of 'critical' bug that destroys SSDs after 40,000 hours

26 Mar 2020
Visit/security/data-breaches/355173/marriott-hit-by-data-breach-exposing-personal-data-of-52-million
data breaches

Marriott data breach exposes personal data of 5.2 million guests

31 Mar 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020