Nuke launched without any apparent change
pbellon opened this issue
OS: Ubuntu 14.04.2 - 64 bits
Whenever I launch usbkill, the nuking process happens. The strangest thing is I don't have any USB device plugged in, so I'm wondering what could possibly change, but the logs are not very helpful to see that:
2015-05-12 12:01:40.163343 [INFO] Started patrolling the USB ports every 0.25 seconds...
Current state:
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
2015-05-12 12:01:40.286210 Detected a USB change. Dumping the list of connected devices and killing the computer...
Current state:
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Hello. Thank you for reporting this issue!
Indeed, the shut down process is triggered because there are 3 devices with the same Vendor/Product ID.
Are you in a virtual machine?
Can you disconnect all USB devices and try again? (You can run with the --no-shut-down option if the shut down annoys you.)
S.
That's the strange part: I'm not on a VM & the log was produced without any device plugged.
As I said:
Indeed, the shut down process is triggered because there are 3 devices with the same Vendor/Product ID.
This is why the computer shut down.
For the moment I have no fix because if I whitelist "Linux Foundation 2.0" Product/Vendor ID, an attacker will be able to spoof it and bypass the security but I'm still looking into this.
@pbellon could you specify the make and model of your computer?
Also, what distro are you using and did you do a distribution upgrade since you installed the OS?
I'm on a Lenovo ThinkPad T530 & I use Ubuntu Trusty Tahr 14.04.2. I don't remember having done a distro upgrade since installation.
This affects me on my Fedora 21 ThinkPad laptop, and since you say it depends on having multiple identical product and vendor IDs I would assume this problem affects other distros. For example on my Ubuntu 14.04 desktop I have the same lsusb lines as on Fedora.
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
I like the idea of usbkill but I didn't like the execution so I made a fork.
I would do a pull request but I doubt it would be approved as the changes are rather extensive.
I like the idea of usbkill but I didn't like the execution so I made a fork.
@stemid: Has the problem been fixed on your repo?
@pwnsdx no, instead I added an option to disable the duplicate USB IDs check.
I get why you do that check, it seems sensible. I just don't have that requirement myself, I only want a quick kill switch for my laptop if a USB drive is pulled out.
@stemid thanks for your work over at https://github.com/stemid/usbkill
Quickly going over your code I can see that there are some nice things in there which I will copy from you (with credits), but you are right, maybe I won't accept a pull because it is not entirely how I want the project.
Hearing @stemid and @pbellon I will make the double usb check optional, but on by default.
That's great 👍, thanks everyone!
Thanks everyone!
Issue is resolved in 009733c by way of making this feature optional.
If you are experiencing this issue, set 'double_usbid_detection = False' in settings.ini
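
Added example, not part of the thread and not usbkill's own code: it parses the lsusb lines from the report to show which vendor/product IDs repeat with nothing plugged in, and compares per-ID device counts against a baseline, which flags an extra device reusing a root hub ID without whitelisting that ID. The function names and the extra device line are constructed for illustration.

```python
import re
from collections import Counter

# lsusb lines copied from the log in the original report (no devices plugged in).
REPORTED_LSUSB = """\
Bus 002 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 002: ID 8087:0024 Intel Corp. Integrated Rate Matching Hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
"""

ID_RE = re.compile(r"\bID ([0-9a-fA-F]{4}:[0-9a-fA-F]{4})\b")


def usb_id_counts(lsusb_text):
    """Return a Counter mapping vendor:product ID -> number of devices."""
    return Counter(m.group(1).lower() for m in ID_RE.finditer(lsusb_text))


def duplicate_ids(counts):
    """IDs seen more than once: what a 'repeated ID means trouble' check trips on."""
    return {usb_id: n for usb_id, n in counts.items() if n > 1}


def changed_ids(baseline, current):
    """Per-ID count difference (current - baseline); unchanged IDs are omitted."""
    return {usb_id: current[usb_id] - baseline[usb_id]
            for usb_id in set(baseline) | set(current)
            if current[usb_id] != baseline[usb_id]}


if __name__ == "__main__":
    baseline = usb_id_counts(REPORTED_LSUSB)
    # Built-in hubs already share IDs, so a bare duplicate check fires at rest.
    print("duplicates at rest:", duplicate_ids(baseline))

    # Constructed sample: one more device presenting the root hub ID.
    extra = REPORTED_LSUSB + (
        "Bus 003 Device 002: ID 1d6b:0002 Linux Foundation 2.0 root hub\n")
    print("change vs baseline:", changed_ids(baseline, usb_id_counts(extra)))
```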