Configuring UsbKill for physical security

vncip

UsbKill "is an anti-forensic kill-switch that waits for a change on your USB ports and then immediately shuts down your computer."

https://github.com/hephaest0s/usbkill

Not to be confused with the hardware device that fries USB ports with high voltage, this UsbKill is a Python application that watches for changes in your USB ports. Once it detects a change, such as removing or inserting a non-whitelisted device, it immediately wipes RAM and encryption keys and shuts down the computer in a fraction of a second. If you have full disk encryption running, your computer is now in a safe state.

It's well known that when law enforcement raid premises, one of the first things they do with running PCs is to insert a USB mouse jiggler to prevent the screen locking. Even with the screen locked, many attempts to image the drives require insertion of a USB cable or device. With UsbKill, this will cause the PC to wipe RAM and shut down.

It can be inconvenient to whitelist your USB devices, and it's almost a certainty you'll forget to whitelist a device at one point and end up powering off your system non-gracefully. UsbKill doesn't allow whitelisted devices to be removed, so no matter what you whitelist, any USB device that's already inserted when you start UsbKill cannot be removed without shutting your system down. This is a minor headache for what is a great utility.

A good compromise I've found is to configure UsbKill to run only when your screen is locked. You shouldn't be away from your computer unless it's locked anyway, so this solution works well. This is my solution for Debian with KDE Plasma; however, most OSes should have a method for configuring this.

Under Settings > Notifications > Application-specific settings > Screen Saver > Configure Events you can run commands. If your main usbkill.py is located within /home/user/usbkill/usbkill.py, you need to create a shell script called usbkill_start.sh containing:

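#!/bin/bash
# Start UsbKill on screen lock. The event hook has no terminal for a sudo
# password prompt, so sudo must be allowed without a password for this command.
/bin/sudo /bin/python3 /home/user/usbkill/usbkill.py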


Have this run on screen locked. To kill it when the screen is unlocked, create another bash script called usbscreen_kill.sh containing:

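#!/bin/bash
# Stop UsbKill on screen unlock: -f matches the full command line, so this
# ends any process whose command line contains "usbkill.py".
/bin/sudo pkill -f usbkill.py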


Have this script run on screen unlock.

Chmod both scripts to make them executable and test.

It's also possible to use UsbKill as a dead man's switch with a lanyard connected to a magnetically attached USB dongle. You can attach it around your wrist and if you are physically pulled away from your device (à la Ross Ulbricht), your device shuts down immediately. Your own threat model dictates how you implement this. It takes a little bit of configuring to get it all working, but is a powerful addition to your physical security setup.

Happy to answer any questions on this or help you get it set up. For me, knowing that when my screen is locked, any tampering (insert or remove USB devices) immediately shuts down my system is perfect. Obviously this is useless without full disk encryption, which you should have running anyway.

You can also build a mercury tilt switch connected to a USB dongle. This means any movement shuts your system down. A laptop will shut down if picked up or moved, and a tower setup will too. Lots of creative ways you can build this into your setup.
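The whitelist caveat described in the post (a device present when monitoring starts cannot be removed, whitelisted or not, while only whitelisted devices may be inserted) written out as a small decision function. This is an added example, not code from the post or from the UsbKill project; the function names, the per-ID counting rule and the sample device IDs are assumptions made for illustration.

```python
from collections import Counter


def check_usb_state(start, whitelist, current):
    """Return a reason string if the kill action should fire, else None.

    start     -- device IDs present when monitoring began
    whitelist -- device IDs that may be inserted while monitoring
    current   -- device IDs present right now
    IDs are "vendor:product" strings; duplicates are counted.
    """
    start_c, allow_c, cur_c = Counter(start), Counter(whitelist), Counter(current)

    # Rule 1: anything present at start must stay plugged in,
    # whether or not it is on the whitelist.
    for dev, n in start_c.items():
        if cur_c[dev] < n:
            return f"removed {dev}"

    # Rule 2: anything added since start must be covered by the whitelist
    # (assumption: one whitelist entry allows one extra device of that ID).
    for dev, n in cur_c.items():
        if n - start_c[dev] > allow_c[dev]:
            return f"inserted {dev}"
    return None


# Constructed sample IDs, not taken from the post.
KEYBOARD, DRIVE, UNKNOWN = "046d:c31c", "0781:5581", "1234:abcd"


def run_scenarios():
    """Evaluate the rules against a few constructed port states."""
    start = [KEYBOARD]
    whitelist = [KEYBOARD, DRIVE]
    states = {
        "no change": [KEYBOARD],
        "whitelisted drive inserted": [KEYBOARD, DRIVE],
        "unknown device inserted": [KEYBOARD, UNKNOWN],
        "whitelisted keyboard removed": [],
        "keyboard swapped for unknown": [UNKNOWN],
    }
    return {name: check_usb_state(start, whitelist, cur)
            for name, cur in states.items()}


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(f"{name:30} -> {result or 'ok'}")
```

The fourth scenario is the one that catches people out: the keyboard is on the whitelist, but because it was plugged in at start, unplugging it still triggers the shutdown.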
 

