‘USB Killer’ Destroys Electronic Devices

Uploaded on 2016-09-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Last year, a hacker demonstrated a prototype of a small USB device, the size of a small USB drive, that could destroy electronics into which it was plugged. 

Dubbed the "USB Killer," the device damaged electronics by sending a surge of power onto the data lines used to communicate.

Now a Hong Kong based firm, aptly named "USB Killer", is offering such an eponymous device for sale. When the USB Killer is inserted into a USB port of a laptop, television, printer, or any other USB-enabled piece of electronics, it rapidly charges small capacitors within it from the USB power source to which it is connected. 

When the capacitors are fully charged, which can take less than a second, the device quickly discharges the power over its data lines, thereby sending an unexpected surge of power into the device to which it is connected. The USB Killer repeats this cycle as long as it is plugged in, but even the first discharge is likely to damage many electronic devices. 

Security experts have long been cautioning about the danger to electronic devices posed by leaving USB ports uncapped. In the past we have focused primarily on the risk of someone sticking into a computer some USB device infected with malware, and the resulting risk to information security but, now, the physical risk, once considered small, other than in the case of highly sensitive systems targeted by advanced attackers, may become widespread.

The makers of the USB Killer claim that their device can kill 95% of devices with USB ports, but Apple laptops are not included in the 95%. Apple, they say, has already implemented technology to protect its products, a security move that is certainly commendable.

It should be noted that future versions of USB C, still a fairly uncommon type of USB connector, may help address the risk of USB Killer device type devices by including functions that prevent unauthorised devices from connecting to the power or data lines of computers and smart devices; of course, that does nothing to protect the billions of devices already in the market, and also assumes that future security protocols cannot be circumvented or subverted.

So, what should you do now? Don't leave laptops or other electronic devices unattended in places where someone intent on inflicting harm might be able to plug devices into USB ports. That has always been good advice due to the significant information security risks mentioned earlier, but, now, your physical computer may be on the line as well. You can also obtain and use a connector that disables access to the data lines within a USB port while still allowing charging, these devices are sometimes known as "USB Condoms” but, obviously, someone intent on harming you can pull the connector out of your device before inserting the USB Killer.

Of course, in the big picture, manufacturers should address the risk on a macro-scale. Hopefully, for example, laptop manufacturers other than Apple will start including protective technology in upcoming products, and mechanisms will be implemented to prevent unauthorised devices from connecting to USB data lines. In the meantime, stay vigilant.

Inc.com:

 

« Careless: NSA Hacking Tools Theft Due To Operative's 'Mistake'
FBI Director Covers His Webcam With Tape »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Tech Industry Forum (TIF)

Tech Industry Forum (TIF)

Tech Industry Forum is a not-for-profit, membership driven trade body. We bring together end users and some of the UK’s leading cloud, software, platform, infrastructure, and service providers.

Redicom

Redicom

Redicom is an independent consulting agency focusing on identity management, strong authentication and single-sign-on.

Korea Information Security Industry Association (KISIA)

Korea Information Security Industry Association (KISIA)

KISIA is a non-profit organization for the information security industry in Korea.

Innotec Security

Innotec Security

Innotec Security is a Spanish company specializing in cybersecurity-as-a-service, cyber resilience and cyber risk management.

Saudi Federation for Cyber Security and Programming (SAFCSP)

Saudi Federation for Cyber Security and Programming (SAFCSP)

SAFCSP is a national institution under the umbrella of the Saudi Arabian Olympic Committee, which seeks to build national and professional capabilities in the fields of cyber security and programming.

Commonwealth Cybercrime Initiative (CCI)

Commonwealth Cybercrime Initiative (CCI)

The CCI unites 35 international organisations contributing to multidisciplinary programmes in Commonwealth countries. These organisations form the CCI Consortium.

Cyber Covered

Cyber Covered

Cyber Covered provide complete website & data cover with market leading cyber insurance and powerful compliance software in one affordable package.

SmartContractAudits.com

SmartContractAudits.com

SmartContractAudits.com is the leading platform for finding companies providing smart contract auditing services.

Blu Venture Investors (BVI)

Blu Venture Investors (BVI)

Blu Venture Investors is a venture capital firm that supports early stage companies with a focus on technology in diverse domains including cybersecurity, IoT, defense and homeland security.

Cyber Smart Defense

Cyber Smart Defense

Cyber Smart Defense is a specialist provider of penetration testing services and IT security audits.

Research Institute in Verified Trustworthy Software Systems (VeTSS)

Research Institute in Verified Trustworthy Software Systems (VeTSS)

The main purpose of VeTSS is to support program analysis, testing and verification, to achieve guarantees of software correctness, safety, and security.

DNX Ventures

DNX Ventures

Based in Silicon Valley and Tokyo, DNX Ventures is an early stage VC for B2B startups in sectors including Cybersecurity.

SightGain

SightGain

SightGain is the only integrated risk management solution focused on cybersecurity readiness using real-world attack simulations in your live environment.

Armo

Armo

Armo technology enhances any Kubernetes deployment with security, visibility, and control from the CI/CD pipeline through production.

Suffescom Solutions

Suffescom Solutions

Suffescom Solutions is a leading blockchain development company, assisting businesses in harnessing the true potential of blockchain technology.

ACDS (Advanced Cyber Defence Systems)

ACDS (Advanced Cyber Defence Systems)

ACDS was founded in the belief that cyber security can be done better. We’re combining emerging technologies and proven methods to bring a new approach to tackling the growing threat landscape.