Page MenuHomePhorge
Create Task
Maniphest T552

Packaging USBKill
Open, WishlistPublic
Actions

Description

USBKill (GPL licensed) is a really cool anti-forensics script written in the aftermath of the SilkRoad trial. Its purpose is to trigger protection events that prevents adversaries from siphoning files/installing malware/running a mouse jiggler. It creates a USB whitelist of allowed devices of which anything else plugged into the machine causes it to erase its RAM and immediately shutdown. This can be adjusted to exclude all devices.

It can also be used in reverse, with a whitelisted flash drive in the USB port attached to the user's wrist via a lanyard serving as a key. In this instance, if the flash drive is forcibly removed, the program will initiate the desired routines.

github.com/hephaest0s/usbkill
github.com/hephaest0s/usbkill/issues/75 - RFP

https://github.com/Lvl4Sword/Killer
https://github.com/Lvl4Sword/Killer/issues/31 - RFP

https://en.wikipedia.org/wiki/USBKill
https://7io.net/2015/07/02/python-usbkill-anti-forensic-usb-killswitch/#more-201

Overlaps with T905.

Details

Impact
Normal

Related Objects

Event Timeline

HulaHoop created this task.Sep 1 2016, 8:42 PM
Herald added a project: Whonix. · View Herald TranscriptSep 1 2016, 8:42 PM
Herald added subscribers: entr0py, WhonixQubes, Patrick. · View Herald Transcript
Patrick added projects: security, Whonix-Host.Sep 1 2016, 9:16 PM
Patrick updated the task description. (Show Details)Apr 23 2019, 10:38 AM
Patrick updated the task description. (Show Details)
Patrick mentioned this in T905: emergency shutdown on USB removal.
HulaHoop added a comment.Jan 7 2020, 4:51 PM

An interesting product that triggers a system wipe if the cable is pulled:

https://www.schneier.com/blog/archives/2020/01/usb_cable_kill_.html

Of course it is too risky and very likely to create a false positive. May risk the cable being backdoored in a waterhole attack if it requires a tailored hardware product to work.

Whonix OLD Issue Tracker · PLEASE DO NOT POST NEW TICKETS HERE · OLD Issue Tracker - Unread Notifications · OLD Issue Tracker - Feed · OLD Issue Tracker - Open Issues · NEW Issue Tracker · Homepage · Blog · Forum · Legal · Imprint · Privacy Policy · Terms of Use · Disclaimer