Stefan

Some USB hubs/switches/controllers support being disabled per port.
Random example article found at
https://support.microchip.com/s/article/Controlling-USB-Hub-Ports-from-Linux

You can have a script/alias on your system to enable or
disable/poweroff a port. I played around with this and a mouse-jiggler
and it worked. Beyond USB-storage I would be concerned with USB-HID
that can run keyboard commands. Another issue to be aware of is hidden
USB network interfaces.

On Thu, May 14, 2026 at 9:19 PM Stefan Monnier <[email protected]> wrote:
>
> > Charge-only cables are also in demand as a security measure for people
> > wishing to safely charge devices on random USB ports found out in
> > the world.
>
> Indeed.  I wish my USB cables came with a little switch to control
> whether to connect the data wires or not (would beat the hell out of
> trying to remember which cables are power-only and which aren't).
>
> > In an ideal world you plug your device into a USB port and if whatever
> > it is connected to wants to do anything other than negotiate charging
> > then positive action has to be taken by you. But, software has bugs and
> > some people want a second level of defence.
>
> Not just bugs: I don't know of any OS out there that is even designed to
> behave like you describe: they all automatically accept to recognize the
> other end as whichever device (or set of devices) it claims to be.
>
> > In the other direction, infiltration has been done by leaving USB sticks
> > on the floor of the car park and hoping some employee plugs one in to
> > see what's on it. Some workplaces physically disable USB ports on their
> > computers because of things like that.
>
> Indeed.  It may look like a harmless USB key, but it may decide to tell
> your machine that it's a keyboard+mouse+wificard and start sending made
> up keyboard/mouse events and whatnot.
>
> To bring this discussion back to Debian: does someone here know of a way
> to configure Debian so it asks for explicit confirmation before
> accepting new USB devices?
>
>
> === Stefan
>


-- 
- Andrew "lathama" Latham -
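
An added example, not part of the original message: a shell function that lists the USB interfaces of the kinds raised above (HID, and interfaces that can carry a hidden network link) by reading interface class codes from sysfs. The function name and the output labels are assumptions made for this sketch; the class codes are the standard USB interface classes, and the optional directory argument exists so it can be pointed at a copy of the tree.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Walk the sysfs USB tree and report interfaces that can inject input
# or add a network path, whatever the device looks like physically.
# usb_risky_interfaces and the labels below are names chosen for this sketch.
usb_risky_interfaces() {
    root="${1:-/sys/bus/usb/devices}"
    # Interface directories are named <bus>-<port>:<config>.<interface>.
    for ifdir in "$root"/*:*; do
        [ -r "$ifdir/bInterfaceClass" ] || continue
        class=$(tr -d '[:space:]' < "$ifdir/bInterfaceClass")
        case "$class" in
            03)    kind="hid" ;;        # keyboards, mice, jigglers
            02|0a) kind="cdc" ;;        # communications / CDC data
            e0)    kind="wireless" ;;   # wireless controller class
            ff)    kind="vendor" ;;     # vendor specific, inspect by hand
            *)     continue ;;          # storage, hubs, audio, etc.
        esac
        # The driver symlink exists only once a kernel driver has bound.
        if [ -L "$ifdir/driver" ]; then
            driver=$(basename "$(readlink "$ifdir/driver")")
        else
            driver="unbound"
        fi
        echo "$(basename "$ifdir") $kind $driver"
    done
}
```

Run with no argument to read `/sys/bus/usb/devices`; a stick that shows up with both a storage interface and a `hid` line is a composite device of the kind described in the quoted text.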
