The USB Killer Now Has Commercial Competition

With a proliferation of USB Flash disk drives has come a very straightforward attack vector for a miscreant intent on spreading malware onto an organisation’s computer network. Simply drop a few infected drives in the parking lot, and wait for an unsuspecting staff member to pick one up and plug it into their computer. The drives are so familiar that to a non-tech-savvy user they appear harmless, there is no conscious decision over whether to trust them or not.

A diabolical variant on the exploit was [Dark Purple]’s USB Killer. Outwardly similar to a USB Flash drive, it contains an inverter that generates several hundred volts from the USB’s 5 volts, and repeatedly discharges it into the data lines of whatever it is plugged into. Computers whose designers have not incorporated some form of protection do not last long when subjected to its shocking ministrations.

Now the original has a commercial competitor, in the form of Hong Kong-based usbkill.com. It’s a bit cheaper than the original, but that it has appeared at all suggests that there is an expanding market for this type of device and that you may be more likely to encounter one in the future. They are also selling a test shield, an isolated USB port add-on that allows the device to be powered up without damaging its host.

From the hardware engineer’s point of view these devices present a special challenge. We are used to protecting USB ports from high voltage electrostatic discharges with TVS diode arrays, but those events have an extremely high impedance and the components are not designed to continuously handle low-impedance high voltages. It’s likely that these USB killers will result in greater sales of protection thermistors and more substantially specified Zener diodes in the world of USB interface designers.

We covered the original USB Killer prototype when it appeared, then its second version, and finally its crowdfunding campaign. This will probably not be the last we’ve heard of these devices and they will inevitably become cheaper, so take care what you pick up in that parking lot.

[via Extremetech]

95 thoughts on “The USB Killer Now Has Commercial Competition

      1. The problem in question would not exist if the optical interface in a component of the computing device itself, so the optical cable is nothing but fiber (or a pair of fibers) and the mechanical termination. The neat thing is that for short lines, single mode, and moderate speeds, you can get away with a lot of sins at the terminations, so they can be inexpensive and physically robust.

    1. Then they design an “optical port killer” that produces a 1/2 kW laser pulse to destroy the receiving hardware.

      Joke aside, there is no practical way to make something completely undamageable in the face of clever people intent on causing damage.

  1. You might think that a found USB drive should be treated like a hypodermic needle but I still hear advice of put your name in a text file in the root folder so it will find its way back to you from people who should know better.

        1. Um… at least my keybindings are non standard, also – sudo needs password. But yes, you make valid point.

          PS. Yes, there are two kinds of people – those who do backup, and those who do not backup yet.

    1. If you look at the design it does not damage the +5 volt line or the ground, it spikes the data lines with -110 volts DC (version 1.0) or -220 volts DC (version 2.0). So it is easy enough to create test hardware, you supply 5 volts and ground and check the data lines for -110 to -220 volts DC. Maybe even use a battery with a buck converter to supply the +5 volts DC.

        1. No idea, but you could double the voltage rating by using two in series (and unfortunately half the capacitance). Or get 5x the voltage rating by using 5 in series (and 1/5 the capacitance).

          1. Or just take a 200V or higher rated cap. They exist up to 630V. Of course capacity goes also down at given size. In this special application I would even short time overload the caps. They charge gets dumped immediately after reaching peak voltage anyway.

    1. “‘What a piece of work is a man! How noble in reason, how infinite in faculty? In form and moving how express and admirable? In action how like an Angel? in apprehension how like a god?”

  2. What is special about USB that makes destroying property become acceptable? You could easily modify anything with an AC cord to star a fire or even electrocute the user but that would be considered criminal.

    1. I don’t think anyone recommended doing this to someone else, it’s the concept that’s interesting really. If you go around getting this thing plugged into other people’s stuff, then I think we can all agree that you’re a total asshole that deserves to get caught.

      1. >If you go around getting this thing plugged into other people’s stuff
        Looking at all the *#+ humans do i think this will be the case. I don’t know why they are selling this. They say that people that designing hardware should test there products, but why? They only need to make them protected against such stuff because somebody created the USB Killer. I don’t think repetitive surges with >100V are something that can happen during normal operation (in contrast to ESD or something like this). Of course, they might be an idiot discharging a capacitor on the local photo print station but well, you can’t protect against all problems and even if you want to do, do you really need such a “test tool”? If i really want to break something i just use a hammer…
        And why should pen-testers have such a thing handy? To break the hardware of they employer? Yeah, you could argue that critical hardware should be protected against sabotage like this but imho critical hardware should be protected physically. You don’t need such a thing, just wire a random PC-connector to the mains (or use a hammer as i said)…

        1. I’m thinking a good use case could be maintenance staff “sanitizing” public charging stations at places like coffee shops. If a hacker installs spy hardware to try to break into devices plugged into it, the “sanitizer” would zap it and render the station safe again.

  3. A couple thoughts on this:
    If they made some that just explode, more people would learn not to plug in computer gadgets from unknown sources or they would learn to use their other hand until they did it again. Unknown sources being anything made in China. And what is the point in one of these things? Do they test them at the factory? If one of these did fail (to discharge into the computer) what would it do to the person holding it? People worry about a Zombie Apocalypse. I worry about hordes of stupid people looking for the next stupid thing to do.

    1. Maybe the Zombie Apocalypse already happened but the infection is just a lot more subtle than in the movies. I seem to be constantly encountering people who look healthy enough but appear to have as much sense as a Zombie.

    2. That is a good idea, or perhaps it could just contain a heating element and a wax that has a really foul smelling substance embedded in it. It stink out the office and make a powerful point without doing any damage. Could be a useful security audit tool to check if policies at a given site were being followed.

  4. Most people won’t bother with this. It’s not cheap and if you leave it in a parking lot you are not getting it back. Unless you know someone in the building you may not know if it ever worked.

    1. I’m genuinely curious what you mean. I’ve thought some of the recent articles written by HAD staff on microprocessor programming, electronics, special printing filaments and history have been excellent. When do you think it was better? Alternatively, where do you hang out that you like better? I’d like to read such a site too. I’m not trying to be an ass, I’m just curious what you mean.

      1. When I was a student, I was part of my university’s sound-and-light provider. We had a special offering just for those people who would come in and ask for “A cable”. It was a 1/4″ jack-to-240V mains plug, albeit one made with just the outer insulation of a piece of mains flex, no wires.

        It was amazing how many people took it away without looking at what they’d been given.

    1. You are not thinking that through enough. It would be a better design decision to have them automatically trigger once every 12 months, if they do not get the countermand signal to reinitialise the timer before the countdown period has fully elapsed. Some companies, in certain industries, have HR policies to escort people from the premises the day they hand in their notice.

  5. I admit, I worry about the amount of vandalism that might arise from these. The type of middle-school kid who used to take magnets to CRTs back in the day, is the type who will happily destroy property with one of these. Especially since it can be done so quickly, and with so little evidence. (“Honest, I just sat down and it stopped working.”)

    Beyond filling USB ports with epoxy where applicable, I have no idea for a solution.

    (No, I’m not suggesting they be banned from sale. And yes, I know that CRTs could be degaussed, though depending on the “damage,” it could take a pretty strong coil and a lot of effort.)

  6. USB locks are available and have been for at least ten years. Not fully secure as they can be removed even without the key but that would take time and keep the casual paser by from f****** up your presuppose life(computer)

    1. As an admin I’d leave front ports open but unplugged from mobo, so when user complains, you can tear them a new one.

      Though perhaps a nice idea is to apply this idea in reverse… Wire up the case ports so they fry any device inserted… Then that’s one less device that will cause you shit another day.

      1. Worse would be a brand name wall adaptor gutted with the AC prongs soldered directly to the data lines of the USB female connector. Left in a public place, a lot of grief would follow!

  7. Oh, just thought of a point unmade thus far I think. (Hey, sorry if I missed your oblique referral in a comment nest)

    The slaughter of a cheap commodity desktop office PC might not be the point….

    The point might be that you order another one, which is intercepted in transit, or even at source, and equipped with a full on suite of nasties to dig deep into your network and business, and inevitably, personal life and anything audible in the room that computer is in, possibly Van Eck intercepts from nearby systems, penetration of nearby air gapped systems etc etc.

    The point might otherwise be that you call in external hardware support, who you let access your premises, with all the possibilities above, and bugs and wifi penetrators and the like that he might drop or install in ceiling or power sockets while he’s “lost” on the way to the bathroom.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s