Chrome OS to block USB access while the screen is locked
Google will add a new security feature to Chrome OS, the company’s web-based operating system that powers its Chromebooks devices.
The new feature, named USBGuard, will block access to the USB port access while the device’s screen is locked.
According to a Chrome OS source code commit spotted by Chrome Story earlier this week, the new feature is currently available in Chrome OS Canary builds and is expected to land in the stable branch of Chrome OS soon.
Once this happens, users can enable it by modifying the following Chrome OS flag: chrome://flags/#enable-usbguard
The way this security feature is meant to work is by preventing the operating system from reading or executing any code when a USB-based device is plugged in, and the screen is locked.
Google took this precaution to prevent Rubber Ducky-type of attacks. A Rubber Ducky is a well-known term used to describe a malicious USB thumb drive that when plugged into a computer mimics a keyboard and runs malicious commands.
A threat actor that has even temporary access to a computer can plug in one of these tools into a PC while the target is away from his computer and retrieve data or infect it with malware.
Most of these attacks can be prevented by disabling the USB port, and this is what Google is doing by giving Chromebook owners an option that disables the USB port altogether while they’re away and the device is in a locked state.
Apple rolled out a similar feature for iOS in July this year. iOS 11.4.1 included a new feature that required users to unlock their device after an hour of inactivity before allowing any activity over a USB port.