Google is taking additional steps to protect its Chromebook user base. Currently, if a hacker has physical access to your machine, he or she could insert a flash drive in the USB port and run malicious code from it.
The company is adding a new feature called USBGuard, which blocks USB port access any time the machine's screen is locked.
If you're not a Chromebook user, you may not be aware that Chrome OS is open source and the OS is web-based, which makes it a true innovation in the PC and smart device ecosystem. The new feature is currently available for testing and experimentation in Chrome OS Canary builds, and should be making an appearance in a stable release before the second quarter of 2019.
Once the feature is available, all you will need to do to use it is add the following flag:
That's all there is to it. It's a great feature addition that shows Google's commitment to the security of their user base, although in fairness, Google wasn't the first company to introduce something like this. That distinction goes to Apple. In 2018, the company introduced a similar update to iOS build 11.4.1 that required users to unlock their devices after an hour of inactivity before any USB port related activity would be allowed.
Although most home users have little to fear from physical access-based attacks, they pose a significantly greater risk to businesses of all shapes and sizes. The simple truth is that over the course of any given day, a whole host of people not employed by your company have access to your facilities, and by extension, your equipment.
Granted, most of these people have no malicious intent, but it's easy for a bad actor to slip in unnoticed, and few companies have robust measures in place to prevent or detect it. Something to think about.