‘USB Killer’ Destroys Electronic Devices

Uploaded on 2016-09-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Last year, a hacker demonstrated a prototype of a small USB device, the size of a small USB drive, that could destroy electronics into which it was plugged. 

Dubbed the "USB Killer," the device damaged electronics by sending a surge of power onto the data lines used to communicate.

Now a Hong Kong based firm, aptly named "USB Killer", is offering such an eponymous device for sale. When the USB Killer is inserted into a USB port of a laptop, television, printer, or any other USB-enabled piece of electronics, it rapidly charges small capacitors within it from the USB power source to which it is connected. 

When the capacitors are fully charged, which can take less than a second, the device quickly discharges the power over its data lines, thereby sending an unexpected surge of power into the device to which it is connected. The USB Killer repeats this cycle as long as it is plugged in, but even the first discharge is likely to damage many electronic devices. 

Security experts have long been cautioning about the danger to electronic devices posed by leaving USB ports uncapped. In the past we have focused primarily on the risk of someone sticking into a computer some USB device infected with malware, and the resulting risk to information security but, now, the physical risk, once considered small, other than in the case of highly sensitive systems targeted by advanced attackers, may become widespread.

The makers of the USB Killer claim that their device can kill 95% of devices with USB ports, but Apple laptops are not included in the 95%. Apple, they say, has already implemented technology to protect its products, a security move that is certainly commendable.

It should be noted that future versions of USB C, still a fairly uncommon type of USB connector, may help address the risk of USB Killer device type devices by including functions that prevent unauthorised devices from connecting to the power or data lines of computers and smart devices; of course, that does nothing to protect the billions of devices already in the market, and also assumes that future security protocols cannot be circumvented or subverted.

So, what should you do now? Don't leave laptops or other electronic devices unattended in places where someone intent on inflicting harm might be able to plug devices into USB ports. That has always been good advice due to the significant information security risks mentioned earlier, but, now, your physical computer may be on the line as well. You can also obtain and use a connector that disables access to the data lines within a USB port while still allowing charging, these devices are sometimes known as "USB Condoms” but, obviously, someone intent on harming you can pull the connector out of your device before inserting the USB Killer.

Of course, in the big picture, manufacturers should address the risk on a macro-scale. Hopefully, for example, laptop manufacturers other than Apple will start including protective technology in upcoming products, and mechanisms will be implemented to prevent unauthorised devices from connecting to USB data lines. In the meantime, stay vigilant.

Inc.com:

 

« Careless: NSA Hacking Tools Theft Due To Operative's 'Mistake'
FBI Director Covers His Webcam With Tape »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Renaissance

Renaissance

Renaissance is Ireland's premier value added distributor of IT security solutions and a leading independent provider of business continuity consultancy.

aeCERT

aeCERT

aeCERT is the national Computer Emergency Response Team for the United Arab Emirates.

S2 Grupo

S2 Grupo

S2 Grupo is the benchmark company in Europe and Latin America, for Cyber Intelligence and mission critical systems operations.

Norton

Norton

NortonLifeLock is dedicated to helping secure the devices, identities, online privacy, and home and family needs of approximately 50 million consumers.

Cyber Resilient Energy Delivery Consortium (CREDC)

Cyber Resilient Energy Delivery Consortium (CREDC)

CREDC performs multidisciplinary R&D in support of the Energy Sector Control Systems Working Group’s Roadmap of resilient Energy Delivery Systems (EDS).

BigWeb Technologies

BigWeb Technologies

BigWeb Technologies is dedicated to provide its clients with ICT related services including Infrastructure Solutions, Consultancy and Security.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

Crosspring

Crosspring

Crosspring is an incubator/accelerator for people who have the ambition to start a successful business or want to extend their existing business in the areas of FinTech, AR, VR, Cybersecurity and SaaS

Axio Global

Axio Global

Axio is a leading cyber risk management SaaS company. Our Axio360 platform gives companies visibility to their cyber risk, and enables them to prioritize investments to protect their business.

NWN Carousel

NWN Carousel

NWN Carousel delivers AI-powered technology solutions for the modern workplace. From unified communications and intelligent infrastructure to robust cybersecurity.

South East Cyber Resilience Centre (SECRC)

South East Cyber Resilience Centre (SECRC)

The South East Cyber Resilience Centre supports and helps protect SMEs and supply chain businesses and third sector organisations in the region against cyber crime.

Pillar Technology Partners

Pillar Technology Partners

Pillar Technology Partners is an Information Security Company with a focus on improving Cyber Risk and optimizing the processes and technology that underpin the security of your information assets.

Global Market Innovators (GMI)

Global Market Innovators (GMI)

Global Market Innovators (GMI) delivers secure technology solutions to organizations in need.

Sweet Security

Sweet Security

Sweet Security delivers Runtime Attack Security for Cloud Workloads.

Reality Defender

Reality Defender

Reality Defender stops deepfakes before they become a problem. Our proprietary deepfake and generative content fingerprinting technology detects video, audio, and image deepfakes.

ELK Analytics

ELK Analytics

ELK Analytics is a specialized Managed Security Services Provider (MSSP) that focuses on endpoint security and monitoring & alerting for any type of structured or unstructured data.