EEVblog Electronics Community Forum
General => General Technical Chat => Topic started by: legacy on May 06, 2019, 04:51:46 am
-
usb-killer (https://www.youtube.com/watch?v=Y37-PfXZujM)
it's specifically designed to destroy computers and smartphones: does it make sense?
more interesting, some devices may survive, most won't :palm: :palm: :palm:
which is the best protection (apart from not allowing people to plug anything on the usb slot)?
-
well if it makes you feel better, you can do serious time for destroying computers.. quite a dollar value attached to them and it's probably considered worse than theft from a judge's viewpoint.
Protection can be tricky because you need to maintain a low capacitance to maintain usb SNR, high speed and high voltage.
-
https://hardware.slashdot.org/story/19/04/17/2120206/student-used-usb-killer-device-to-destroy-58000-worth-of-college-computers
Vishwanath Akuthota, the former student, now faces up to 10 years in prison (with up to three years of supervision after release) and a fine totaling up to $250,000.
What's a bit scary is that normally to do that kind of damage, you would need to get pretty winded with a sledge hammer for a good 20 minutes.
-
it's specifically designed to destroy computers and smartphones: does it make sense?
Yes. The simple answer is that some people are dicks and just want to see the world burn. There are also other uses, sabotage, economic malice etc. pretty much all illegal. Basically a single bribed cleaner, maid, janitor or similar can take down a company.
which is the best protection (apart from not allowing people to plug anything on the usb slot)?
Isolated, heavily protected USB hub, that can die, but will not pass the destruction further. Non-stupid people.
Beyond that I don't think that there are any (reasonable) protections that can stand continued battering from such a source and at the same time pass USB data.
-
Optical USB isolator.
-
Surprisingly, quite a few modern smart phones can withstand it such as the Samsung phones.
https://www.youtube.com/watch?v=Y1o1nwlpY4I
-
The simple answer is that some people are dicks and just want to see the world burn.
Human nature is pretty much the same everywhere. People like power and that feeling of power can be obtained by destroying things and/or people.
It takes a lot of hard work and preparation to feel the satisfaction of having built a building or a machine or an airplane and young people are not there yet but they can feel the satisfaction of having destroyed what took someone else a lot of work to build.
You can take a few young men and put them in a fighter jet or in the army and make their thirst for destruction legal and virtuous but in nature it is no different from the neighborhood punk who goes around keying cars.
The guy who creates a computer virus just for fun is not much different from the guy who works for a big government and creates a virus useful to their government. The legality and consequences are very different but the motivation is not.
A keeper is only a poacher turned outside in, and a poacher a keeper turned inside out. Charles Kingsley - 19th century
I have met a lot of people in places of authority who were just assholes backed by authority but were worthless human beings abusing whoever they could. If they were not in positions of authority they would probably be doing the same things outside the law.
-
If you do a forum search for 'USB killer' you will find that this topic has come up several times in the past (not for a while though). As far as I remember, nobody ever came up with a satisfactory reason / excuse.
-
"Sanitizing" public chargers is one of the few legitimate uses. The idea being that they're supposed to just have the data lines tied to each other and therefore immune to high voltage, but if some hacker installs a device that tries to hack connected devices, that hacking device would be disabled and rendered harmless.
-
People do stupid things. In many cases unintentionally, but sometimes stupid things are done very much intentionally/deliberately. :palm:
Unintentional stupidity is more dangerous than intentional (IMHO), since it's harder to predict.
-
"Sanitizing" public chargers is one of the few legitimate uses. The idea being that they're supposed to just have the data lines tied to each other and therefore immune to high voltage, but if some hacker installs a device that tries to hack connected devices, that hacking device would be disabled and rendered harmless.
But then you're also killing all USB power delivery compatible chargers...
Using this device on something else than your own property is vandalism. If you want to safely charge your phone, just use a cable without the data lines.
-
"Sanitizing" public chargers is one of the few legitimate uses. The idea being that they're supposed to just have the data lines tied to each other and therefore immune to high voltage, but if some hacker installs a device that tries to hack connected devices, that hacking device would be disabled and rendered harmless.
But then you're also killing all USB power delivery compatible chargers...
Using this device on something else than your own property is vandalism. If you want to safely charge your phone, just use a cable without the data lines.
Exactly. Also, USB charging is a hot mess and before the actual, approved standards like USB PD, USB DCP were a thing, there were - and still are - countless others that rely on probing the data lines. Some of them expect shorted data lines, others some arbitrary resistance, others some timed sequencing, others still - various combinations of pull-ups/and/or-downs to +5V, GND. Various versions of QuickCharge involve actual voltage negotiation using signaling over data lines. More advanced chargers have purpose-designed chips that try to guess what the device to be charged expects by "listening" to their probing routine and playing along accordingly (e.g. "IQ Charge").
If I were an honest owner of a property that offers their guests USB charging ports for their convenience and caught you trying to "sanitize" them using high-voltage crap gizmo, I'd "sanitize" you by making you eat the damn thing.
-
But then you're also killing all USB power delivery compatible chargers...
Using this device on something else than your own property is vandalism. If you want to safely charge your phone, just use a cable without the data lines.
It could be used by the owner of the public charger. Although I suppose a better way to counterattack those hacked public chargers is to plug in a device that pretends to contain valuable data but is actually worthless junk designed to waste the resources of the hacking device.
-
It could be used by the owner of the public charger. Although I suppose a better way to counterattack those hacked public chargers is to plug in a device that pretends to contain valuable data but is actually worthless junk designed to waste the resources of the hacking device.
What "counterattacks" are you on about? :palm: You're not on a freaking war. If you see hackers everywhere you always can, you know, NOT try to freeload on the public chargers, perhaps? Carry your own powerbank or just deal with not having a charged smartphone, FFS |O
-
What "counterattacks" are you on about? :palm: You're not on a freaking war. If you see hackers everywhere you always can, you know, NOT try to freeload on the public chargers, perhaps? Carry your own powerbank or just deal with not having a charged smartphone, FFS |O
I suspect "hacked" public chargers are very uncommon, but owners of those chargers do need some way to counter that problem. Maybe the manufacturer of the public charger can specifically design it to be "sanitized", with a modified connector that will accept either a standard USB plug or the "sanitizer" that the manufacturer supplies, but prevent accidentally plugging the sanitizer into a USB port not designed to handle it.
-
Its basic purpose is to make you feel better by destroying other people's private property. You can also destroy your own property and make a viral video out of it.
:palm: :palm:
-
It is the equivalent of pouring sugar in a fuel tank, except that there are people who think
fuel tanks USB ports should be protected against that.
(And, like fuel tank caps, USB and Ethernet ports should be physically protected against use by idiots and vandals and other vermin.)
Before USB, there was the Etherkiller: An RJ45 on one end, and a mains plug in the other, BOFH style.
The one sensible use for one (USB or Ethernet killer) I can think of, is as destructive test gear when you are developing something to allow interfacing possibly nefarious devices. (For USB, that means limiting the types of USB devices that are enumerated, to e.g. storage devices, and possibly keyboard devices if you wish to allow password keepers. For Ethernet, robust magnetics and a design that keeps damage to within the single port.)
I'm pretty sure you could do a Mainskiller also, maybe using some clever power circuitry to double the AC frequency or something. It'd be the same thing, really, just even more dangerous and destructive.
-
Because we humans are like that.
"And if you gaze long into an abyss, the abyss also gazes into you" kinda deal.
I mean it's not like someone intentionally setting Rome on fire.
-
I once considered building it for my roommate who kept borrowing my USB device without asking and generally was an ass in many ways but I still had too much pity.
-
I'm pretty sure you could do a Mainskiller also, maybe using some clever power circuitry to double the AC frequency or something. It'd be the same thing, really, just even more dangerous and destructive.
Just need a sufficiently large high voltage capacitor. It really would be big, though, given any decent surge protector is rated for several thousand joules. Easier to just put in a transformer to make a high current flow through the neutral to ground loop.
-
https://hardware.slashdot.org/story/19/04/17/2120206/student-used-usb-killer-device-to-destroy-58000-worth-of-college-computers
Vishwanath Akuthota, the former student, now faces up to 10 years in prison (with up to three years of supervision after release) and a fine totaling up to $250,000.
What's a bit scary is that normally to do that kind of damage, you would need to get pretty winded with a sledge hammer for a good 20 minutes.
not going to defend the guy but, 10 years in prison and a $250,000 fine is beyond insane
-
not going to defend the guy but, 10 years in prison and a $250,000 fine is beyond insane
As is deliberately destroying multiple college computers. Play stupid games, win stupid prizes.
Besides, it was "faces up to 10 years", which only means they found enough paragraphs to theoretically be able to lock him up for that long.
-
not going to defend the guy but, 10 years in prison and a $250,000 fine is beyond insane
As is deliberately destroying multiple college computers. Play stupid games, win stupid prizes.
Besides, it was "faces up to 10 years", which only means they found enough paragraphs to theoretically be able to lock him up for that long.
computers are easily replaced, it's not like he killed someone. spending millions to store him in a cell for a decade after which he will
never get a job or pay taxes seems like an excessively stupid way to handle it and cause much more damage than the initial crime
it does seem like US justice system is too busy to argue in court so they pile up charges until they convince the criminal to
make a plea bargain ( or kill themselves ) to avoid a life sentence
-
They have a legitimate use which is basically destroying your kit and the TPM in and crypto keys irrecoverably and permanently. No amount of fancy shit down the lab can fix the damage it does. Think journalists, spies, activists, data exfiltration protection, hardware sanitisation etc.
The people here who complain this exists need to complain knives exist too because in the hands of a suitable idiot they can kill people.
Not joking but this also demonstrates that the average USB port is like a public glory hole (no don't google that)
-
not going to defend the guy but, 10 years in prison and a $250,000 fine is beyond insane
US Criminal Justice system is more about harsh punishment, not correction nor rehabilitation, especially of those without money.
-
He was arrested and taken into custody in North Carolina on February 22nd, just over a week after he went on a spree of inserting the "USB Killer" device into 66 of Saint Rose's computers around various locations on campus. Such devices can be easily and freely purchased online and can overload the surge protection in many PCs.
Akuthota, 27, apparently made video recordings of himself inserting the malicious USB device into the computers and said "I'm going to kill this guy"
It is not immediately clear to me under what circumstances that sort of morons are desirable to be walking freely.
I'm not greedy, I would gladly pay tax so that they can stay in jail and off the streets.
They have a legitimate use which is basically destroying your kit and the TPM in and crypto keys irrecoverably and permanently.
Oh come on, it's not guaranteed to kill the TPM at all. Put an ESD gun to the TPM if you want to kill the TPM. Or, you know, a $5 hammer.
-
Private school, out for two years on a VISA, 27 years old and this is the best idea he comes up with. Must make mom and dad very proud of their son. Then again, the apple never falls too far from the tree.
-
I want to see what would happen if he busted in at night and smashed the equivalent circuits physically rather than electronically burned them
I do wonder if there is bias to the case because of the word 'killer' being used in regards to the product. If it said hammer instead.
-
not going to defend the guy but, 10 years in prison and a $250,000 fine is beyond insane
Out of curiosity, what would be an appropriate punishment?
-
Out of curiosity, what would be an appropriate punishment?
A fine equaling the total damage, certainly not jail time.
-
well you would need to look at similar property value related sentencing vs ease of use vs planning requirement to make an evaluation to see if the sentence is fair or at least in line with existing standards
typically bigger plots, more dollar value and slower more methodical damage results in higher sentences
The charge is often referred to as criminal mischief
being defined as criminal, not civil, likely means jail
S 145.10 Criminal mischief in the second degree.
A person is guilty of criminal mischief in the second degree when with intent to damage property of another person, and having no right to do so nor any reasonable ground to believe that he has such right, he damages property of another person in an amount exceeding one thousand five hundred dollars.
Criminal mischief in the second degree is a class D felony.
If you define it as use of explosives (spark. maybe. kinda a stretch.) you get class B felony regardless of damage caused (i.e. fire hazard, etc).
'D' Violent Felony 2-7 years
'D' Non Violent Felony No Jail, Probation, 1-3 to 7 years
So they must have charged him with other stuff or considered it a class B felony (the ranges for sentencing overlap between violent and nonviolent).
https://codes.findlaw.com/ny/penal-law/pen-sect-145-12.html
Since you are destroying a computer (it's not like destroying someone's garden) you can also stack some tampering charges to that, since you disabled a computing center (but the law is kinda archaic)
https://www.lawserver.com/law/state/new-york/ny-laws/ny_penal_law_145-20
also you can argue, that unlike smashing a bunch of PC's physically, if you just fry them invisibly through USB ports you can try to blame it on lightning or something, so it can create lots of confusion being a sabotage type activity rather than just plain obvious vandalism. Suddenly you're doing a massive investigation looking for lightning damage, replacing circuit breakers, hiring electricians, blaming distributors, blaming engineers..... chaos. could cost a contract even (bad computers, poorly protected since everything else works). invisible damage is really far reaching compared to just pissed off obvious vandalism and the sentencing likely takes some weight from that consideration.
-
Out of curiosity, what would be an appropriate punishment?
A fine equaling the total damage, certainly not jail time.
Yeah, probably more than enough to make him rethink what he did, unless mom and dad just pay the fine for him.
-
While I agree that 10 years is excessive, at least some jail time should be included.
"Evidently malicious intent" should not have the same penalty as accidentally screwing up.
-
Yep. But US justice system is about retribution and punishment not rehabilitation apparently...
Firstly insurance should cover the damages if you’re a registered company of any kind. This isn’t any worse than a DUI and driving into a tree from a cost perspective. Secondly chuck him in the clink for a year on a correctional basis or give him X hundred hours community service. People like this only do these malicious things because they have no grounding in reality. It’s a better use of time and money to get someone back into society and productive.
-
This isn’t any worse than a DUI and driving into a tree from a cost perspective.
Even assuming that no valuable data was stored on the devices, there is the time that the IT guys will have to use to fix the mess. Also, 58k worth of equipment is not the cost of (most) cars. And the most important bit is that you mess up your own car when DUI, not someone else's.
I'm all for rehabilitation and such, but, punishment should also be applied.
People like this only do these malicious things because they have no grounding in reality.
I'm not sure I understand what you mean. Are you claiming he did not know that what he was doing is bad?
People do this kind of crap because they are dicks. Most people have 'dickish' tendencies to some extent. The difference is that most people have it under control.
-
If you do a forum search for 'USB killer' you will find that this topic has come up several times in the past (not for a while though). As far as I remember, nobody ever came up with a satisfactory reason / excuse.
It depends what you define as reasonable. Or reasonable to you & me, or reasonable to them.
I’ve heard someone mention it with regard to ruining computers at a place he has to go and use their computers to look for a certain number of jobs each week.
If he doesn’t go, he gets no welfare, so the rationale would be that he gets out of doing something.
-
Actually that summarises USB as an interface nicely as well :-DD
-
https://int3.cc/products/usbcondoms
-
All of the following:
1- Civilly responsible for the damage done (obviously). Victim should be made whole again.
2- Fine of triple that amount.
3- Punishment in the form of jail time and/or community service at the discretion of the judge taking into account his previous history. Assuming he is a first time offender with no other black marks I would say something like 500 hours of community service. If he has a bad history then maybe add some jail time (measured in weeks, not years).
Jail time should be the last recourse.
-
I wonder why the Feds were involved and what their cost was. He was listed as a flight risk. If let out, I assume he would go back to India.
I can't imagine having my parents be involved with my problems at the age of 27. Then again, I can't imagine putting myself in his position in the first place.
This is how he shows his appreciation to his parents and the country who allowed him in and educated him. Just a waste.
-
They have a legitimate use which is basically destroying your kit and the TPM in and crypto keys irrecoverably and permanently. No amount of fancy shit down the lab can fix the damage it does. Think journalists, spies, activists, data exfiltration protection, hardware sanitisation etc.
The people here who complain this exists need to complain knives exist too because in the hands of a suitable idiot they can kill people.
Not joking but this also demonstrates that the average USB port is like a public glory hole (no don't google that)
Except, there's absolutely no guarantee it will do that.
Have a read of the Guardian article about the measures they had to take to ensure data destruction of the Snowden/NSA files.
https://www.theguardian.com/uk-news/2014/jan/31/footage-released-guardian-editors-snowden-hard-drives-gchq
https://www.theguardian.com/media/2015/feb/27/guardians-destroyed-snowden-laptop-to-feature-in-major-va-show
Oh, and yeah, ever wondered why the loos in motorway services have stainless steel walls?
Lots of services have anonymous accounts on websites that promote such 'pleasures'
-
Of course, attempting to steal a bit of paper was much worse...
https://en.wikipedia.org/wiki/Otto_Warmbier
https://www.theguardian.com/us-news/2017/jun/19/otto-warmbier-dies-coma-student-north-korea-prison
-
They have a legitimate use which is basically destroying your kit and the TPM in and crypto keys irrecoverably and permanently. No amount of fancy shit down the lab can fix the damage it does. Think journalists, spies, activists, data exfiltration protection, hardware sanitisation etc.
Those will be destroyed only if you are lucky. Most likely replacing chipset will fix the motherboard. Or you can move TPM chip/module to another motherboard.
-
Optical USB isolator.
(From early on Page-1)......
Do you mind explaining this further ??? (Seriously...)
(Pwees expwane xox :D)
-
Optical USB isolator.
(From early on Page-1)......
Do you mind explaining this further ??? (Seriously...)
(Pwees expwane xox :D)
There are USB isolation products.
https://www.analog.com/en/products/adum4160.html
https://power.murata.com/datasheet?/data/power/ncl/kdc_nmusb202mc.pdf
And others. Pretty much chips/modules, just add a few support parts.
-
They have a legitimate use which is basically destroying your kit and the TPM in and crypto keys irrecoverably and permanently. No amount of fancy shit down the lab can fix the damage it does. Think journalists, spies, activists, data exfiltration protection, hardware sanitisation etc.
...
Except, there's absolutely no guarantee it will do that.
Have a read of the Guardian article about the measures they had to take to ensure data destruction of the Snowden/NSA files.
https://www.theguardian.com/uk-news/2014/jan/31/footage-released-guardian-editors-snowden-hard-drives-gchq
https://www.theguardian.com/media/2015/feb/27/guardians-destroyed-snowden-laptop-to-feature-in-major-va-show
Actually a device like that is very unlikely to do any damage to the data on hard drives so that is no reason to use it at all. If the damage does reach the hard drives it will only destroy the controllers (which can be replaced) not the data on the disks.
-
There are USB isolation products.
What you really need, is a USB hub with standard power control and isolation. Also note that ADuM3160/4160 only work up to full speed USB 2.0 (12 Mbit/s), and not up to high speed (480 Mbit/s).
There have been some discussions on how to isolate and filter devices allowed to connect to a USB port. In Linux, if the hub has standard power control (i.e., software control over whether a port is powered or not; common -- standard? -- in USB hubs), you can use standard udev utilities to limit which kind of devices are enumerated/activated, and even power off (for a few seconds, typically) not-allowed ones.
I seem to recall seeing a few hardware experiments (Hackaday? Here? PJRC forums?), moving the logic into a USB bridge -- essentially two microcontrollers with high-speed USB 2.0 interfaces, with an isolated (parallel) high-speed (~500 Mbit/s) interconnect. The outwards facing microcontroller being essentially "dumb", cheap, and replaceable when an unexpected electrical event occurs.
In practice, an embedded Linux workstation running off an image unpacked from storage for each new user, is both easier to maintain and more cost-effective. You can do this relatively simply using PXE boot on any machine you can secure the BIOS/EFI/OF for. Funnily enough, in these use cases, a LOT of RAM (say, 32 GiB) would make it possible to run a full desktop system off a RAMdisk without any customization work or any kind of local storage, with reimaging taking only seconds (assuming GbE Ethernet networking, or faster) -- the entire filesystem being transferred as a single XZ-compressed image, or as a few trees depending on the user logging in. Unfortunately, most embedded machines are limited to 4 GiB or less, which is not really enough for a full-fledged GUI Linux distribution.
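An added example, not part of the post above: the "only storage and keyboards" filtering idea from this thread, expressed against the Linux kernel's interface-authorization sysfs files (`interface_authorized_default` on each host controller, `authorized` on each interface) instead of udev rules. The allowlist, function names and the sample tree are assumptions constructed for illustration; on a real machine `sysfs_root` would be `/sys` and the script would run as root.

```python
#!/usr/bin/env python3
"""Allow only chosen USB interface classes via Linux interface authorization."""
import os
import tempfile

ATTRS = ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol")

# Assumed policy: (class, subclass, protocol); None matches any value.
ALLOWED = [
    (0x08, None, None),   # mass storage
    (0x03, 0x01, 0x01),   # HID, boot subclass, keyboard protocol
]

# Constructed sample interfaces (not captured from a real machine).
SAMPLE = {
    "1-0:1.0": ("09", "00", "00"),  # root hub
    "1-1:1.0": ("08", "06", "50"),  # flash drive
    "1-2:1.0": ("03", "01", "01"),  # keyboard
    "1-3:1.0": ("08", "06", "50"),  # composite device: storage ...
    "1-3:1.1": ("02", "02", "01"),  # ... plus a CDC serial interface
    "1-4:1.0": ("03", "01", "02"),  # mouse
}


def interface_allowed(cls, sub, proto):
    """Return True if the class triple matches an allowlist entry."""
    return any(
        cls == a_cls and a_sub in (None, sub) and a_proto in (None, proto)
        for a_cls, a_sub, a_proto in ALLOWED
    )


def _read_hex(path):
    with open(path) as fh:
        return int(fh.read().strip(), 16)


def _write(path, value):
    with open(path, "w") as fh:
        fh.write(value)


def lock_down_hosts(sysfs_root="/sys"):
    """Make newly attached interfaces start unauthorized on every host."""
    devices = os.path.join(sysfs_root, "bus", "usb", "devices")
    hosts = sorted(n for n in os.listdir(devices) if n.startswith("usb"))
    for host in hosts:
        _write(os.path.join(devices, host, "interface_authorized_default"), "0")
    return hosts


def apply_policy(sysfs_root="/sys"):
    """Authorize allowlisted interfaces, deauthorize the rest."""
    devices = os.path.join(sysfs_root, "bus", "usb", "devices")
    probe = os.path.join(sysfs_root, "bus", "usb", "drivers_probe")
    decisions = {}
    for name in sorted(os.listdir(devices)):
        dev, colon, _ = name.partition(":")
        if not colon or dev.endswith("-0"):
            continue  # skip device nodes ("1-2") and root-hub interfaces
        base = os.path.join(devices, name)
        try:
            triple = [_read_hex(os.path.join(base, a)) for a in ATTRS]
            ok = interface_allowed(*triple)
            _write(os.path.join(base, "authorized"), "1" if ok else "0")
            if ok and os.path.exists(probe):
                _write(probe, name)  # ask the kernel to bind a driver now
        except (OSError, ValueError):
            ok = False  # unplugged mid-scan or unreadable: treat as denied
        decisions[name] = ok
    return decisions


def build_sample_tree(root):
    """Create a sysfs-shaped directory tree from SAMPLE for offline runs."""
    devices = os.path.join(root, "bus", "usb", "devices")
    os.makedirs(os.path.join(devices, "usb1"))
    _write(os.path.join(devices, "usb1", "interface_authorized_default"), "1\n")
    for name, values in SAMPLE.items():
        base = os.path.join(devices, name)
        os.makedirs(base)
        for attr, val in zip(ATTRS, values):
            _write(os.path.join(base, attr), val + "\n")
        _write(os.path.join(base, "authorized"), "1\n")
    return root


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        lock_down_hosts(tmp)
        for iface, ok in apply_policy(tmp).items():
            print(iface, "authorized" if ok else "blocked")
```

The composite device in the sample keeps its storage interface while its serial interface is blocked, which a per-device allow/deny decision cannot express.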
-
In practice, an embedded Linux workstation running off an image unpacked from storage for each new user, is both easier to maintain and more cost-effective. You can do this relatively simply using PXE boot on any machine you can secure the BIOS/EFI/OF for.
like Xterminals made in the 90s.
e.g. Tektronix xp2xx/400, NCD, etc.
they did boot via tftpboot, +NFS
-
guys, even the firewire port is dangerous :palm:
why? because the firewire technology directly exposes the ram via DMA. so, if someone put a FW-device on the chain, it can potentially write/read the ram, or just write junk to crash the system. I have just seen there are some kits around, even on eBay and those places :palm:
moral of the story: close all the physical ports with mini-padlocks ( dunno if they actually exist, but if they exist, then they are the best invention ever, and I want twelve of them!)
-
not going to defend the guy but, 10 years in prison and a $250,000 fine is beyond insane
Out of curiosity, what would be an appropriate punishment?
Insane how it will cost the state for his stay in prison for 10 years.
As well as paying compensation for the inconvenience they should get him repair/replace what he damaged out of his own pocket of course.
-
like Xterminals made in the 90s.
Many of them ran only the X server on the terminal, and the applications themselves on bigger iron (i.e, as "thin clients"). The difference to what I am suggesting is that the machine runs everything locally, from a ramdisk. But otherwise, yes: nothing new. It's just that having big-mem embedded machines would make that so much better. The CPUs are easily powerful enough already.
-
They have a legitimate use which is basically destroying your kit and the TPM in and crypto keys irrecoverably and permanently. No amount of fancy shit down the lab can fix the damage it does. Think journalists, spies, activists, data exfiltration protection, hardware sanitisation etc.
Not in the slightest. A device like this _might_ take out a TPM -- or any other particular chip in a system, but is certainly not guaranteed. What chips are likely to be destroyed is going to heavily depend on the layout and design. If you want to destroy a TPM, use a widlarizer.
Really all this is good for is testing if USB devices can withstand high voltage capacitive discharge. But there are better and more reproducible ways to do that. It is also a demonstration of a simple high voltage boost converter -- which doesn't have to be hooked up to a USB circuit to demonstrate its effectiveness.
-
why? because the firewire technology directly exposes the ram via DMA. so, if someone put a FW-device on the chain, it can potentially write/read the ram, or just write junk to crash the system.
Yeah, I knew a paranoid guy who put hot melt glue in all his firewire ports.
-
He's not paranoid really.
When I worked in the defence sector the PCs were locked in cages with a hole big enough for a finger to turn them on and that was it. At a large financial I was working for a few months back they epoxied all the holes solid. At the same time idiots wedged security doors open with plant pots so they didn't have to swipe in after they went for a slash.
On TPM disposal, I concede. I wouldn't do it that way either
-
is that heaven? tech support takes 4 hours to open the computer with an angle grinder when the mouse gets loose? welded shut I hope?? :popcorn:
sounds a bit depressing, like you're working out of a subway station designed to be vandal proof from the occasional evil hobo.. not an office
-
No just caged and locked with a padlock. Occasionally they actually lost the key for the specific box so had to get some bolt cutters out. :-DD
Heaven was an incumbent rubbish IT team which I was part of. Didn’t take long to get to the top and out of the door to a better place to work.
-
I've worked in 'interesting' places before now, USB security is a done deal if you know what you're doing and invest the right money, it's possible to lock down a machine as soon as you plug in a different keyboard or any other non whitelisted device.
Makes it fun when 'Dave' plugs his phone in to charge.
Physical security is always worth having too, if for nothing else than to make it obvious that people shouldn't be messing about with the machines.
Concur on the 'wedged' doors, I've seen all sorts of methods and justifications for bypassing security, all of which would have caused havoc if they'd been spotted by someone in security
-
moral of the story: close all the physical ports with mini-padlocks ( dunno if they actually exist, but if they exist, then they are the best invention ever, and I want twelve of them!)
Physical locks are indeed available, at least for USB ports:
https://www.kensington.com/p/products/security/usb-port-locks/usb-port-blocker/
-
that looks like it would get picked easily
-
Hammer and slot screwdriver.