‘USB Killer’ Destroys Electronic Devices

Uploaded on 2016-09-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Last year, a hacker demonstrated a prototype of a small USB device, the size of a small USB drive, that could destroy electronics into which it was plugged. 

Dubbed the "USB Killer," the device damaged electronics by sending a surge of power onto the data lines used to communicate.

Now a Hong Kong based firm, aptly named "USB Killer", is offering such an eponymous device for sale. When the USB Killer is inserted into a USB port of a laptop, television, printer, or any other USB-enabled piece of electronics, it rapidly charges small capacitors within it from the USB power source to which it is connected. 

When the capacitors are fully charged, which can take less than a second, the device quickly discharges the power over its data lines, thereby sending an unexpected surge of power into the device to which it is connected. The USB Killer repeats this cycle as long as it is plugged in, but even the first discharge is likely to damage many electronic devices. 

Security experts have long been cautioning about the danger to electronic devices posed by leaving USB ports uncapped. In the past we have focused primarily on the risk of someone sticking into a computer some USB device infected with malware, and the resulting risk to information security but, now, the physical risk, once considered small, other than in the case of highly sensitive systems targeted by advanced attackers, may become widespread.

The makers of the USB Killer claim that their device can kill 95% of devices with USB ports, but Apple laptops are not included in the 95%. Apple, they say, has already implemented technology to protect its products, a security move that is certainly commendable.

It should be noted that future versions of USB C, still a fairly uncommon type of USB connector, may help address the risk of USB Killer device type devices by including functions that prevent unauthorised devices from connecting to the power or data lines of computers and smart devices; of course, that does nothing to protect the billions of devices already in the market, and also assumes that future security protocols cannot be circumvented or subverted.

So, what should you do now? Don't leave laptops or other electronic devices unattended in places where someone intent on inflicting harm might be able to plug devices into USB ports. That has always been good advice due to the significant information security risks mentioned earlier, but, now, your physical computer may be on the line as well. You can also obtain and use a connector that disables access to the data lines within a USB port while still allowing charging, these devices are sometimes known as "USB Condoms” but, obviously, someone intent on harming you can pull the connector out of your device before inserting the USB Killer.

Of course, in the big picture, manufacturers should address the risk on a macro-scale. Hopefully, for example, laptop manufacturers other than Apple will start including protective technology in upcoming products, and mechanisms will be implemented to prevent unauthorised devices from connecting to USB data lines. In the meantime, stay vigilant.

Inc.com:

 

« Careless: NSA Hacking Tools Theft Due To Operative's 'Mistake'
FBI Director Covers His Webcam With Tape »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI)

Homeland Security Investigations (HSI) is a premier federal law enforcement agency within the Department of Homeland Security (DHS).

AVG Technologies

AVG Technologies

AVG is focused on providing home and business computer users with the most comprehensive and proactive protection against computer security threats.

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA)

Professional Insurance Agents (PIA) offer commercial insurance services including Cyber Liability insurance.

Qatar Computing Research Institute (QCRI)

Qatar Computing Research Institute (QCRI)

QCRI perform cutting-edge research in such areas as Arabic language technologies, social computing, data analytics, distributed systems, cyber security and computational science and engineering.

IFE Digital Systems

IFE Digital Systems

IFE Digital Systems conducts research, development and consultancy in risk, safety and security related to digital systems in critical infrastructure.

Risk Ledger

Risk Ledger

Risk Ledger is improving the security of the global supply chain ecosystem, reducing the number of data breaches experienced through supply chain attacks by companies and consumers alike.

WebSec B.V.

WebSec B.V.

WebSec is a Dutch Cybersecurity firm mainly focused on offensive security services such as pentesting, red teaming and security awareness and phishing campaigns.

Analog Devices Inc (ADI)

Analog Devices Inc (ADI)

Analog Devices is uniquely positioned to deliver security at the edge, where the data is born, because our sensor solutions convert the physical, analog world into the digital world.

Teleport

Teleport

Teleport is a remote-first technology company. We enable engineers to quickly access any computing resource anywhere on the planet.

Cyber Security Works (CSW)

Cyber Security Works (CSW)

Cyber Security Works is your organization’s early cybersecurity warning system to help prevent attacks before they happen.

WhiteJar

WhiteJar

WhiteJar offers an innovative approach to modern cybersecurity needs, empowering Ethical Hackers within its unique crowd platform.

Cyware

Cyware

Cyware is the only company building Virtual Cyber Fusion Centers enabling end-to-end threat intelligence automation, sharing, and unprecedented threat response for organizations globally.

Astrill VPN

Astrill VPN

Astrill VPN is a Seychelles based Virtual Private Network(VPN) Company.

Aravo Solutions

Aravo Solutions

Your Extended Enterprise is full of hidden risks – Aravo makes them visible, measurable, and manageable.

StrongBox.Academy

StrongBox.Academy

StrongBox.Academy provides cybersecurity training courses that are tailored to the specific needs and challenges of the industry.

BARR Advisory

BARR Advisory

At BARR Advisory, we build trust through cyber resilience. We help protect the world’s data, people, and information networks through a human-first approach to cybersecurity and compliance.