The USB Killer: Now Faster, Better, More Anonymous

A few years ago, [Dark Purple] built the USB equivalent of an RJ45 connector wired into mains power. The USB Killer is a simple device with just a FET, a few high voltage caps, a DC/DC converter, and a USB connector. Plug this device into your computer and -220V is dumped directly into the USB signal wires. This kills your laptop dead.

Over the years we’ve seen the USB Killer evolve from a hand-etched PCB to something less discrete but more discreet. It was a crowdfunding campaign run by a company in Hong Kong, and a few months ago this new commercial version was released.

Now, the USB Killer V3 is out. It provides 1.5 times the power to your poor USB ports, with power surges twice as fast. There’s also an anonymous version that looks like every other USB thumb drive sourced from Hong Kong. This is your warning: never, ever plug an unknown USB thumb drive into your computer.

While a product announcement really isn’t news, it is extremely interesting to take a look at how something that should not exist is being marketed. As with all electronic destructive devices, it’s on your Amazon recommended products list alongside tactical kilts, fingerless gloves, beard oil, and black hoodies. This is pentesting gear, with an anonymous edition for your friend, the hacker called four chan. Don’t think too much about how you’re going to get data off a laptop you just killed, or how you would go undetected by destroying equipment; this is cool hacker stuff.

In addition, the USB Kill 2.0 is FCC and CE approved. This allows you to, “test in complete safety” (their emphasis, not ours).   We have no idea what this actually means.

118 thoughts on “The USB Killer: Now Faster, Better, More Anonymous

    1. I’m absolutely baffled. People destroying brand new macbook pros, xboxes, iPhones..stuff worth hundreds of dollars or several thousand dollars. Are they doing it to new stuff and then shipping it back claiming it was DOA?

        1. Welcome to the world where 1000 views equals anywhere from $5 to $12 or so or more. That 1,000,000 viewer video just made that content creator $5,000 to $12,000 or more. Oh no, it cost $700 to buy this device and another $100 to produce the video? For the (very few) who are doing it (and achieving those viewership numbers), they are clearly making more money doing so than they are losing. They are not trying to scam and DOA every thing they buy, that’s not a sustainable business.

          1. You’re quoting published CPMs, but that misunderstands how YouTube creators actually make money. The actual amount that someone makes off a video varies a lot, but in general, $1/1000 views is average; $3/1000 is a very good (and rare) payout which would only be typical for creators at the very top end of the spectrum, while $0.50/1000 is not uncommon for nobodies.

            For people who can pull in a few million views, they can afford to destroy some stuff, but for the average kid who’s going to try to get famous this way, he’ll likely lose money.

  1. I can think of one legitimate use for such a device: degrading machines before disposal for security purposes. I worked for a large company where a massive upgrade in desktop hardware turned into a major data security nightmare when unerased hard drives were sold to a jobber. Mind you that was years ago before everyone was aware of the potential of such a breach.

    1. I disagree. This device would damage anything connected to the USB port including the chip set and POSSIBLY the CPU, but I would bet the hard drive would be unaffected because it’s on the other side of another controller. And the hard drive is THE security risk of any disposed PC.

      1. This most likely only blows up the USB controller or the southbridge (if the controller is integrated). Those will typically fail short and then a trace on the motherboard burns up, stopping further damage.

        If the computer is designed sensibly, the USB lines will be protected with at least TVS diodes and that will often stop this attack short (pun intended). In the worst case the blasts from the capacitors will evaporate a trace from the USB connector. At least Apple hardware was shown to withstand this with no ill effects.

        So all this is good for is really (expensive) vandalism.

        1. While I don’t own a killer USB stick, I did fry my MB once in a similar fashion. I once dropped a mains relais on a bare USB connected controller board after getting shocked myself. The power was led to the motherboard, through a USB breakout board and consequently destroyed the entire thing.. The processor was undamaged, luckily.

          Although some computers might survive an attack with this stick, I doubt that most of them will. The good thing about this ‘product’ is that it might persuade PC developers to consider better protection for this unintentional use of ports

    2. This is too light for decommissioning work. It might make a laptop stop turning on, but the chances it will ever do something to the HD is minimal.

      There’s no way around it, if you want the data on a device gone, you need either to carefully erase it or smash it into little bits.

          1. Or just DBAN and re-use the disk….save the smashing for the dead disks! I can’t stand the idea of destroying a still useful drive when a multiple pass random overwrite will ensure practically any data will be unrecoverable. Unless you are talking about a disk containing government secrets or the colonel’s secret formula or something like that.

    3. I doubt that his would make a conventional hard drive unreadable. In some cases, it might damage the electronics, but I wouldn’t bet on it in all cases, and the data on the physical media would likely be readable with a board swap. Not trivial, but a fairly basic task. An SSD would be more likely to be rendered unreadable, but, again, I doubt it is a guarantee. Much more reliable to pull the device and use a dedicated eraser for an SSD, and to physically destroy the media from a conventional unit.

      Given where this has gone, and the number of people that think it is a great prank to leave these around, I put together a test set. It provides power and monitors the data and power lines. It is relatively immune to damage from one of these, and the protection is replaceable.

    4. Take the HDD out and gaffer-tape the cages to the decommissioned PC/Laptop Damn lazy IT personnel.

      You see, I only got a Business grade (Latitude E6400 for £20) from the market at well below peasant prices because of decommissioning.
      The HDD wiped (Likely with some stupid DoD software erase when a two pass dd-if-random would do) with the original OS installed asking you for name, company, password and what firewall (and spyware in the case of 10) settings.

      Though if they didn’t, they should of replaced the HDD, but that would of cost and would be cheaper to supply without and hold the HDD bay+screws down with gaffer-tape so the end user can add one if they wish.

      Contributes less to landfill and gives the population stronger, longer-lasting laptops (Unless your business is mainly in selling laptops…. then maybe not).

      Further, I look down at those idiots who sell laptops with holes drilled through the screen-Mainboard-HDD-Keyboard-etc and even have a cheek to try to sell them for £100+. i.e: “Becawz itza waz maaqbook!!!” (For a laugh I decided to ask, Just to waste time)

      (Proof read a few times, prob got something wrong… Oh well)

        1. 1st half:
          remove HDD and give/sell laptops to less fortunate/poor.

          2nd half (5th paragraph):
          pointing out that some people think they can sell uselessly wrecked items for “like new” prices.

          Even simpler (stereotypical comment below!):

          “Starving Africans could of had those laptops!!!!”

      1. The most annoying thing about surplus business and government computers is the majority of the time they’re too lazy to use DBAN or other erasing software, or the rules and regs are too idiotic to allow it. So they remove and keep or physically destroy the hard drives AND are too lazy to remove any tray, caddy or adapter cables from the drives.

        So you get this computer for a super low price or even free, but to use it requires buying parts to be able to install drives, and surplus companies who apparently don’t actually want to sell parts expect a price for the drive caddies higher than any possible value of the computer so there’s no way to put it together and make a profit selling it. $25~$50 a tray for a five year out of date server? Effing insane! If they want to sell them, put a price on them at which they will sell. If you’re a surplus business that paid so much for those trays that offering them at a price people will actually pay is less than *you* paid, well them *you* were dumb for spending that much. If you only paid $5 per but your asking price is 5 to 10 times higher, then you’re just a greedy SOB and deserve to sit on that inventory for a decade or until you have to cut the price to get rid of it, or take a loss selling it for scrap.

        Profit is profit. Make *a* profit and move product. Product sitting on a shelf with a high price nobody is paying is zero profit.

        Naturally that lack of overpriced replacement parts is why you can get the computer so dirt cheap, because nobody is going to bid even scrap value price for a system that will be expensive to make functional – unless they’re planning to keep and use it themselves for several years.

      2. Meh. For reasonably modern laptops that take SATA drives, you can install an SSD and just wedge it in place with a chunk of non-conductive foam, or hold it down with double-stick foam tape.

  2. There is no such thing as “CE approved”. Let this sink in once and for all.

    There is a “Declaration of conformity”. For all intents and purposes, this is equivalent to “I, Joe J. Bloggs, acting CEO of China Widgets Ltd., promise on my mother’s grave that Widgit X conforms to the directives set forth in . Really. I promise. If you can find me. And we happen to be under the same jurisdiction. Bwhaha.”

    CE is not UL.

    1. In general terms I agree but some things require independent testing at a notified body, such as gas boilers. Also there has to be a European representative of the company, which may by default be the importer.

      1. Even CE marking on consumer electronics is not that toothless. If the device is shown to cause problems (interference, dangerous voltages, etc.) that are clearly violation of the standards, then the manufacturer or importer will have to show evidence that the device is actually compliant – that is typically lab testing reports from independent approved labs. Otherwise they are liable for a large fine and the device will have to be recalled.

        I wouldn’t be surprised if this little toy wound up on RAPEX rapid warning system for dangerous products and was quickly banned from import and sales in Europe. 200V on a user accessible terminal from a large capacitor is likely not something that would conform to the regulations …

        1. Not really user accessible. The voltage is only generated when it is plugged in and then the data lines are not accessible. And it is only switched to the data lines for a short pulse when the threshold is reached. This can only happen while the device is plugged in and charging.

      2. Yeah. Take a look at their “Certificate of Conformity”: just chinese addresses, no representative within the EU. That is not how it works.

        Also they are referring to outdated versions of the 55022 and 55024. As this thing is outputting more than 75V DC, they should also mention 2014/35/EU somewhere. RoHS is also missing.

        This “Certificate of Conformity” won’t stand more than a very brief look of a customs agent.

        1. 1. The customs agents don’t care, CE certification is not an import requirement
          2. It’s perfectly legitimate to self-certify.
          3. The risk of prosecution across borders is negligible in the case that the product is demonstrated not to conform.

          1. Depends on the country. France and South Africa both require us to CE certify the imaging equipment my group builds here in the US.

            True you can self-certify, that’s what we do. But you have to back that up with 3rd party testing. Again, dependingonthe country, customs can demand a hard copy of the testing or the equipment is refused entry at the port.

            Cross border risks depend on the situation. We have facilities in those countries, so we would be in serious trouble if someone was harmed and we were found to be in violation of the CE standards.

  3. Selling this as piece of “pentesting” kit is rather idiotic. Pentesting is about discovering vulnerabilities, not about vandalism. A pentester will do their job and leave undetected, not destroy a machine immediately alerting everyone to their presence and be liable for the damage to boot.

    This is really kiddie stuff with little to no useful purpose. Along with laser “pointers” that have 1W or more power and similar gear where the stated purpose is really only a fig leaf and everyone knows it won’t be used for that.

    1. I agree. I also think that this silly device gets way too much attention from hackaday writers.
      Hackaday should be a website promoting CONSTRUCTIONAL projects, no these tools of destruction disguised as innocent devices. Non thinking youngsters bringing these devices to school, thinking they are funny is the first thing I think of… it makes me sick when I thnk of it. A tool promoting vandalism should not be promoted on hackaday.

      What I would really like to know… how do they test these things, properly. Do they assume it breaks all USB ports ever designed, just by reasoning, or did they test them all?

      1. I disagree that HaD should keep this information to themselves. The more they hit me over the head with it, the more chance it has of actually sinking in. Most of my USB thumb drives are still handouts from trade shows.

    2. Yup. I really can’t see the point of this. It may, or may now, knacker a computer, partially or completely. You’re obviously not going to do it to your own machine. For somebody else’s just use a hammer. The intended usage for this is a mystery. I’ve no idea why anyone would buy one. And yep this isn’t any more “pentesting” than a hammer would be.

      1. Intended usage: get/3D-print a bulky stick with 1TB labelled on it (Really it is a 128GB).
        Clean up the case and drill two holes that looks like a ribbon/necklace connects to (even thread one through for aesthetics, leaving enough gap).

        Have a “Key” that shorts a logic gate (NOT Gate) to GND thus turning a MOSFET-isolated USB KILLER off. Epoxy-resin the whole lot to make it impossible to disassemble (Else, Like myself, they may open it just in case it was a killer).

        Now put all your encrypted files on there. If, say, coppers took it:
        “Look Mr Officer, with ISIS and other terror groups on the edge of attacking at anytime. My data is not getting in the wrong hands. It will not be funding them. Whatever it takes!”

    3. “This is pentesting gear”

      I guess there is the use of pentesting a companies procedures/behaviours:
      Just like a shoplifter throwing a cheap digital watch with alarm function together with a product of interest in the closest garbage bin in the shop, then comes back at night when the dump is set outside and the watch goes off to pick up and find his goodies…

      Similarly if employees from the company throw out a broken laptop, it may increase the chances of the pentester of somehow getting hold of the laptop, hoping they left the HDD inside… sure that would have been stupid procedure/behaviour on behalf of the company, but that is why they hire the pentester…

          1. Oh yeah, forgot.
            The 45th himself is up there on the worlds most hated lists, likely past Justin Beiber (an extremely difficult feat in it self, A well deserved well achieved to Trump).
            Hey any more from him and he might surpass the big “H” earthly reincarnation of Satan himself: The one that created a near European-wide terror group killing any other race and religion off bar his own during WWII.

    1. More interestingly, what happens if you openly declare an innocuous (real) thumb drive as one of these USB Killers, by way of attached note, or verbal declaration? Especially if it is in the same casing…

      Or heck, a mixed bag of same-case devices; let’s get into some russian roulette. If you openly declare… what can be done?

    1. Keep data lines isolated from the USB portion, Opto-iso, high-impedance-mode bi-directional switching IC, or anything that works.
      Use a 5v isolation transformer SMPS to power USB Device.
      Add a resistor divider network to detect voltages.
      If the voltages are high enough to be of concern then activate an integrated taser module to zap the 5v lines and data lines of the suspect device (Isolate/switch over to High Voltage first).

      Could be done.

      1. This is “sort of” what I had though. I had the tazer module and opto-isolators in mind but was getting stuck with making sure real usb data would still get through as well as the 5v power lines (i’m hobbyist level). Your design seems much more refined. I’d just love the irony of someone putting their $60 laptop killer in a laptop for their device to get killed.

        1. Professional hardware designers get a static gun and shoot every surface and connector of their devices. If it fails, you beef up the ESD protection. Pretty much all of the protection is done with diodes rather than opto-isolation. Opto-isolation is really for where you want to protect what is connected to the opto-isolator from your equipment, rather than the other way around. For example, to make sure than an EEG probe does not become either a path to ground or a path to power.

          1. If the frequency is high enough, it may also be beneficial to add DC choke and or caps (low pass) in addition to TVS diodes to help mitigate charge build-up and/or high frequency transients.

          2. Aaaaah, Now I get it…..
            This explains the opto-isolators in those ATX PSUs:
            High Voltage PLC owns the mains half (Input) of the ATX PSU and Low Voltage PLC owns the low voltage (Output stage).
            The HV-PLC winds the mains side of the main transformers and send the thing off to LV-PLC for low voltage coil winding and LV-PLC’s PCB etching artwork+assembly.

            Thus HV-PLC has to protect LV-PLC’s equipment from HV-PLC’s potential mistakes.

            Couldn’t of came up with a more efficient way of making ATX PSUs

            Clearly nothing with keeping Humans safe.

            #sarcasm,#GeniusMan

      2. You do not need an isolated supply, just a series diode. Have good transient suppressors (>5V) on the datalines, you probably have to switch them away because of their capacitance, but that can also be handled with more circuitry.
        Switch data through and bridge supply diode if there is no voltage >5V for several seconds. Connect “data” (high voltage) lines of the device to it’s own supply (on the remote side of the diode) in case of higher voltage detected. So it zaps itself. :-)

    1. Depends. You’d have to find a TVS diode with enough surge capability for the big charge in the caps, and a capacitance that’s small enough not to disturb the high speed signaling on the USB bus.

    2. Hard drives use TVS diodes across their 5V and 12V lines. In the Western Digital MyBook external drives, the USB to SATA adapter runs only off the 5V and has its own built in protection against over voltage. But WD provided no additional protection to the 12V line to the drive.

      Plug in something like a 24V Dymo Turbo 400 printer power supply (which some ID10T at Dymo specified exactly the same connector as commonly used for 12V power supplies) and the USB to SATA adapter will be safe.

      If you are lucky, the 12V TVS diode on the drive will permanently short and removing it (replacing it if you want the protection back) will fix the drive. If you are unlucky the TVS diode will short out, briefly, before blowing open and allowing the over volt to blast the controller. I did that and got lucky. The 2TB drive was OK after removing the TVS diode.

      I also found out that WD formats those drives with an encrypted system. Plugged in directly they appear as an unpartitioned drive. Also I found that the USB to SATA adapter works just fine with a normally formatted drive. The encryption is handled by hardware on the adapter.

      If you want to safeguard your data against loss with a WD MyBook, take it apart, connect the drive directly, format it normally then put the MyBook back together, or toss those parts and put the drive in a normal external case. If something fries the WD adapter you may be SOL, even with another adapter from an identical model of MyBook drive.

      1. About the encrypted HDD.
        You seem to imply that the HDD is encrypted and that only the attached controller can read it.
        I’ve heard of this before. If the controller dies, you need to find the exact same controller, you cannot use a generic controller. I don’t know which models are affected though.

        However, IIUC, you are also saying that the controller works with any disk.
        Hence, it must be detecting that the HDD is “factory” pre-formatted or not.
        Would that mean that this “protection” is defeated if a user by any chance reformats the drive before using it?

  4. If I design a pen that explodes wen used leaving victim sans one hand, will HaD promote it the way they promote this piece of manure? Which crowdfunding site would allow such a thing sold as “practical joke”?

  5. From a security / recycling standpoint remove and physically destroy the HDDs if need be. BUT what about all of the salvageable electronics?!?!
    Think of all of the potential projects the destroyed hardware could’ve been used for. The USB killer is great for making landfill. Nothing more.

    1. My first job out of high school was at a local telecommunication company e-waste handling program.
      We rebuilt systems for local schools, libraries, and community programs.

      These environments were the best place to learn about the life-cycle of IT equipment, and how to manage ones time around a constant stream of distractions.

      I agree that USB destroying fobs is a tool made by douche-bags for douche-bags…
      and like all booby-traps… usually it is the owner that eventually falls for it first…
      ;-)

  6. This device is even beyond stupid. It won’t destroy any data on a laptop as there’s no chance the internal storage would share the same data lines, but certainly can damage the USB interface.

    Once they become cheaper (they will, just wait some time) I envision idiots leaving them around in public places etc. waiting for some poor chaps to stick them into their laptop just for curiosity.
    This also completely destroys the concept of disseminating anonymous information in countries where official channels are silenced, and calls for countermeasures to be taken like protected adapters with high power MOVs etc.
    An extremely stupid device only extremely stupid idiots would want to buy.

    1. Mostly agree, but seems that it is being at least partially marketed as a device to test for reliability in cases of a voltage surge. This could be useful for testing devices that require that extra step in design for protecting against high voltage / high-speed transients.

  7. Should make a good sales pitch for opto-isolated USB hubs, cables and ports.

    I was thinking about the problem this crap poses in the context of public access to PCs, game consoles, etc a few days ago as part of a business proposal. Fortunately, it’s not rocket science to engineer an opto-isolated USB port. An MCU monitoring the USB power draw could detect one of these and turn off the power to the device. Pretty hard to hide the existence of a large capacitor charging. Big nuisance, but that’s all other than a pretty serious destruction of property charge and claim for damages.

    These were probably invented by the Iranians to ward off future Stuxnet style attacks. ;-) Telling someone not to plug in USB drives found in the parking lot is not quite as effective as killing their PC and forcing them to admit they broke the rules.

  8. Think its pretty clear a device such as this has no use in penetration testing. Readers have noted a few ways to protect their own gear from such a thing too. I doubt your average theif does though, so if you left one amongst your belongings, are they are stolen (or examined by law enforcement) then they might end up one less port.

    Exxept if its law, would they take your gear and plug it in?

  9. Actually, opto-isolating the power lines is problematical :-) You can actually properly protect a port and its power and data lines with ESD protection diodes, such that any unexpected power input goes to ground. You must protect everything that is not a ground wire, not just the wires that the current version of the USB blaster attacks.

    1. You magneto-isolate the power lines.
      A transformer at ratio 1:1 where the output is fed back via a biased opto-isolator that the light sets the current and thus the reference voltage on the photo-transistor stage and that signal is fed to a voltage divider.
      Also, the voltage could be intentionally raised to, say, 7v and passed through a regulator set at 5.6v on the output and then via a reverse blocking diode dropping 0.6v to the 5v required whilst preventing high voltage feedback into 5vcc. Then a high-voltage wouldn’t easily destroy anything via the 5v rails.

      1. First, this device puts the high voltage on the data lines while it draws power from the 5V. Otherwise it would probably destroy it self.
        Second, you do not need any isolated power, it would not help anything. It would only help if you have connected equipment which is mains powered, externally grounded and you have problem with ground loops.
        And you do not need such a complicated contraption with 7V etc. If you need a converter with a diode in the output against backwards current then you simply connect the diode in series and tap the voltage divider for the regulation after the diode. Make the divider resistors big enough to sustain the highest specified (design goal) overvoltage. Or make them sustain 10V and put a 5V transzorb diode on the line. You can get them for up to 5kW peak for 1ms.
        But I am sure the 5V lines are not in any danger. There is enough DC load and capacitance on this lines, that the pulses will just be absorbed. This device can not deliver more than 2,5W.

        1. And dissipate ALL that heat through the crude voltage devider at the 2+ Amperes my laptop can output?!?!? Let alone the noise!?!?

          The circuit I mentioned delivers a fairly stable 5v to the USB ports:
          I embed a 5v to 7v circuit that gets regulated back to 5v for portable speakers.
          Else just about every laptop auto-drops Skrillex buzz-hiss-wabawabawab through the speakers (The cause is SMPS in the laptops).
          Oh and audiophiles like two of these separating the Avdd on the CODEC and the op-amps.

          Oh and VER 1.x USB Killer maybe doesn’t affect 5v.
          But the next could auto-isolate the laptop 5v from it self before dumping 200V or more on the PC side 5Vsb.

          P.S. I know my laptop outputs 2.16A (Measured charging a friends tablet, he forgot his charger. And I have charged many 2A rated items time after time without problems)

    2. Not to disagree – but a properly protected DC-DC converter can isolate against power surges across USB, without loosing functionality. For EEG systems, we used an optical isolated cable, and both ends were powered. Most devices/hubs don’t power the “upstream” USB VBUS, but a plugin battery on the isolated side did work.

  10. Market it as a “public charger sanitizer”. Then it would be a countermeasure against public chargers that have been modified to break into connected devices. An untampered charger will just have a short across the data lines and would be unaffected.

  11. This could very much be used in an attack…
    First make discretely sure the target person damages his laptop with “this free USB thing I found!”, then offer quick repairs (again has to be subtle enough)…
    Pretty at least some of the “must be done NOW!” managers would actually give the device to an unapproved repair shop, so now you have physical access to the device with no need to look over your shoulder.
    The bonus being if you actually repair the laptop and bill the guy, he might not even mention this to his official “IT guy”, so the attack could even go unnoticed for a very long time.

  12. NOTE to the editor:

    The USB Kill 2.0 is not CE Approved.

    The USB Protection Shield is a CE Approved device designed to allow testing of the USB Killer while protecting the host machine. Users can safely connect the shield device and test the USB Killer’s output functionality.

    It’s basically a dongle that sits between the usbkiller and the usb port — it protects the host system from damage (you can see a video on the site below).

    https://www.usbkill.com/usb-killer/9-usb-killer-tester.html

    1. EDIT: never mind I saw on the main site that their device is CE and FCC approved for testing surge protection of devices.

      They admit that the USB Killer won’t work on hardware designed to handle these power surges….(In other words, it can be defeated)

  13. It could wipe out Wall Street. It could wipe out an airplane system just by plugging into a usb charger under a passenger seat. It could wipe out a car with a USB port. It could wipe out more than a damn laptop friends. Think bigger!!!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s