On Tue, 2014-10-28 at 10:59 +0100, Tobias Mueller wrote:
Anyway, we might only want to disable USB while the lockscreen is on and re-enable when the lockscreen has been unlocked.
Yes, this seems like a good starting point, but I would expect more than just this much from an OPW project. So for the non-lock screen case: nowadays a malicious USB storage device will identify itself as a keyboard or network device or a USB hub to the operating system. I wonder if it would be feasible to protect users against this, e.g. by popping up a dialog with a big picture of a storage drive opposite an image of a keyboard and asking "What did you plug in?" (Obviously if the USB device identifies as a flash drive, there's no reason to do this.)
Attachment:
signature.asc
Description: This is a digitally signed message part