Chromebooks may get USBGuard to protect against rogue USB attacks in Chrome OS 69
A triad of commits made on the Chromium Gerrit suggests that protection against rogue USB attacks on Chrome OS 69 is coming. This will come in the form of USBGuard, which is effectively a USB whitelisting method. It protects against unknown USB devices by authenticating them. This includes the likes of BadUSB, which abuses an inherent characteristic of how computers make use of USB devices. Simply put, computers trust USBs too much in saying what they truly are. You can reprogram a simplistic USB to masquerade as a keyboard to then execute commands, for example. Thankfully, those using Chromebooks will be protected by default likely come September.
If you’re wondering where we found out that devices will be protected come September, it’s thanks to a comment made on the third commit. The comment specifically suggests switching on the USBGuard flag for all users in Chrome OS 69. According to the Chromium calendar, that branch starts development next week and will be released as a stable build sometime around the week of September 4th. While Canary builds start next week, it’s a build flag that can only be enabled by the development team when they release installable images for Chromebooks.
Admittedly, BadUSB hasn’t become much of an epidemic yet. It’s been around a few years now, but due to its nature, it would have to be a very targeted attack. Nevertheless, protection against exploits is always a good thing. The only problem is that it may misidentify devices as being malicious, when in reality they may be unknown or unbranded devices. There should be very few of those misidentifications though, as USBGuard uses a number of device attributes to identify whether to block it or not. USBGuard is currently a Linux-only protection mechanism as it leverages USB device authorization feature which has been present in the Linux kernel since 2007.