Tool prevents authorities from accessing data on the machine

May 5, 2015 15:19 GMT

A tool intended for individuals who encrypt the data on their computer helps lock everything up by initiating a computer shutdown when activity on any USB port is detected.

If someone plugs in or removes a USB device, the tool shuts the system down, so the encrypted data can no longer be read without the decryption key.

Unauthorized USB activity triggers data encryption

The product is a Python script called USBKill, and as its developer says, it can come in handy when the computer is stolen from a public place, preventing the thief from accessing the information on it.

USBKill can also be a solution for hackers (black or whitehat) who receive a sudden visit from law enforcement and do not have the time to close the laptop lid.

“The police will use a ‘mouse jiggler’ to keep the screensaver and sleep mode from activating,” details h3phaestos, the creator of USBKill, in the description of the tool.

Another solution he provides is to tie a USB drive to the wrist and start the script. If someone tries to steal the laptop, the drive is pulled out, the computer is automatically turned off and the data is protected.
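The check described above, comparing the attached USB devices against a baseline and reacting to any insertion or removal, looks like this in Python. This is an added example, not USBKill's own code: it assumes the device list comes from `lsusb` output, the sample listings are constructed, and the reaction is a hypothetical callback instead of a real shutdown.

```python
import re
from collections import Counter

# One device line of `lsusb` output: "Bus 001 Device 003: ID 0781:5567 <name>"
LSUSB_LINE = re.compile(r"^Bus \d{3} Device \d{3}: ID ([0-9a-f]{4}):([0-9a-f]{4})", re.I)

# Constructed sample listings (not captured from a real machine).
BASELINE = (
    "Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub\n"
    "Bus 001 Device 003: ID 0781:5567 SanDisk Corp. Cruzer Blade\n"
)
TETHER_PULLED = "Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub\n"
DEVICE_ADDED = BASELINE + "Bus 001 Device 004: ID 046d:c077 Logitech, Inc. Mouse\n"


def parse_lsusb(text):
    """Count attached devices per vendor:product ID (two identical sticks count twice)."""
    devices = Counter()
    for line in text.splitlines():
        match = LSUSB_LINE.match(line.strip())
        if match:
            devices[f"{match.group(1)}:{match.group(2)}".lower()] += 1
    return devices


def usb_changes(baseline, current):
    """Return (added, removed) vendor:product IDs relative to the baseline."""
    added = sorted((current - baseline).elements())
    removed = sorted((baseline - current).elements())
    return added, removed


def watch(snapshots, on_change):
    """Treat the first snapshot as the baseline and call on_change(added, removed)
    at the first later snapshot that differs. Returns that poll number, or None."""
    snapshots = iter(snapshots)
    baseline = parse_lsusb(next(snapshots))
    for poll, text in enumerate(snapshots, start=1):
        added, removed = usb_changes(baseline, parse_lsusb(text))
        if added or removed:
            on_change(added, removed)  # a real deployment would shut down here
            return poll
    return None


if __name__ == "__main__":
    report = lambda added, removed: print("added:", added, "removed:", removed)
    watch([BASELINE, BASELINE, TETHER_PULLED], report)  # wrist tether pulled out
    watch([BASELINE, DEVICE_ADDED], report)             # unknown device plugged in
```

Counting devices per ID, instead of keeping a plain set, means a second device with the same vendor:product ID as one already attached still registers as a change.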

Custom commands are planned

The project integrates only this basic functionality at the moment, but h3phaestos plans on adding more commands that would allow the user to customize the actions taken on detecting USB activity.

Although only cybercriminals may appear to fit the profile of a USBKill user, the script provides benefits in abusive situations, where authorities rely on their power to search someone’s computer without legal grounds.

Activists and journalists, particularly those in countries where freedom is not a right for everyone, could rely on this tool to hide information about sources or communication considered illegal.

If providing the login password for the system cannot be avoided, users could opt for a solution that removes incriminating traces, like restoring the system to a clean state upon rebooting. This can be easily achieved if work is done in a virtual machine that refreshes to an earlier, safe version when restarted.