USB-triggered emergency shutdowns

Sicherheit & Anonymität
von identified · 2 Beiträge
identified OP · 2026-02-03 15:13 #95608

Note: This will not help you if you don't have additional protections like FDE (Full Disk Encryption). Should you use this?​ To prevent LE from capturing your device while it's unencrypted. If you're a high value target. As a dead-man's switch. Setup​ 1. Make sure you have lsusb installed. Usually the package name would be usbutils. Once you see a list of USB devices, you're good to proceed to the next step. 2. Make sure you have reboot.sh in your home directory. (This isn't mandatory. You'll see why below.) 3. Copy the following bash script and give it executable permissions. What the script does​ The following is a diagram that describes what the script does. This script lets you choose a USB device to monitor, then checks if it is still connected every $INTERVAL seconds (default 1 second). If the USB device gets disconnected, it runs the $TRIGGER command. In this case, it executes ~/reboot.sh. First, tweak your variables present at the beginning of the script to whatever you like. Hence the reboot.sh script. You can change the $TRIGGER value to whatever command you want to run automatically. But, make sure the reboot command comes last. You can ensure this by maintaining the following format: Note: Make sure you aren't running any commands that require you to enter a password. If you need to run superuser commands, either set a NOPASSWD rule for that command, or run the script as root. We want everything to be quick and automatic. Usage​ 1. Once you have set up your script, execute it. 2. From the list, select the device you want to monitor. For example, I'll use the Flash Drive, so I'll type 1 and hit enter. 3. Now it's ready to go. You can now test if your script is working as intended. Removing the drive will reboot the system. Additional setup​ You should consider tying a cord from the USB device to your body if you're a target. Hooking it up to your belt would be a good option. In case your house gets broken into and you don't really have time to do anything, you could move and the USB would disconnect, running the trigger command and erasing all evidence. This is exactly what BusKill does, but without the special cord, attachments, and program. Final notes​ This is an (almost) feature complete replica of usbkill . usbkill needs python to run, which I doubt everyone wants to install. You can compile the script into a single binary, but I'd rather do things simple and minimal. It also requires to be run as root, which again, increases your surface area. I hope the guide helped. Cheers!

Stewie · 2026-02-03 16:10 #95625

Thanks for sharing! One way to make something like this a bit stronger could be combining it with USBGuard (or similar tools). It helps block unknown/new USB devices by default, and you could then trigger the shutdown only when your specific device gets removed. That would avoid the constant polling and react faster overall