Soon enough, USB devices won't work on locked Chrome OS devices, and that's a good thing. According to Chrome Story, Google has been working on a new safety feature that can already be found in the Canary build.
Called USBGuard, it makes sure the machine doesn't read or execute any code from a USB device plugged into the device after it had been locked.
The latest Canary version has this, among patch updates:
“Lock new USB devices at the lock screen. Prevents newly connected USB devices from operating at the lock screen until Chrome OS is unlocked to protect against malicious USB devices. Already connected USB devices will continue to function. – Chrome OS”.
This is a feature that aims to incapacitate “Rubber Ducky”, a malicious USB drive that mimics a keyboard. It is disguised as a generic USB drive, with computers accepting keystroke payloads at more than 1,000 words a minute.
The devices that were plugged in before the device was locked will continue to work, so any peripherals or data transfer dongles will continue operating as usual. Users will also have the option to whitelist any devices, in case they’d ever want to plug anything into their machine before unlocking it.
The patch notes explain:
“Add USB Bouncer feature flag for Chrome OS. This adds the USB Bouncer feature flag that controls whether or not a user specific USB device whitelist will be used for generating the policy for USB Guard.”
Image Credit: Photo-Mix / Pixabay