‘USB Killer’ Destroys Electronic Devices

Last year, a hacker demonstrated a prototype of a small USB device, the size of a small USB drive, that could destroy electronics into which it was plugged. 

Dubbed the "USB Killer," the device damaged electronics by sending a surge of power onto the data lines used to communicate.

Now a Hong Kong based firm, aptly named "USB Killer", is offering such an eponymous device for sale. When the USB Killer is inserted into a USB port of a laptop, television, printer, or any other USB-enabled piece of electronics, it rapidly charges small capacitors within it from the USB power source to which it is connected. 

When the capacitors are fully charged, which can take less than a second, the device quickly discharges the power over its data lines, thereby sending an unexpected surge of power into the device to which it is connected. The USB Killer repeats this cycle as long as it is plugged in, but even the first discharge is likely to damage many electronic devices. 

Security experts have long been cautioning about the danger to electronic devices posed by leaving USB ports uncapped. In the past we have focused primarily on the risk of someone sticking into a computer some USB device infected with malware, and the resulting risk to information security but, now, the physical risk, once considered small, other than in the case of highly sensitive systems targeted by advanced attackers, may become widespread.

The makers of the USB Killer claim that their device can kill 95% of devices with USB ports, but Apple laptops are not included in the 95%. Apple, they say, has already implemented technology to protect its products, a security move that is certainly commendable.

It should be noted that future versions of USB C, still a fairly uncommon type of USB connector, may help address the risk of USB Killer device type devices by including functions that prevent unauthorised devices from connecting to the power or data lines of computers and smart devices; of course, that does nothing to protect the billions of devices already in the market, and also assumes that future security protocols cannot be circumvented or subverted.

So, what should you do now? Don't leave laptops or other electronic devices unattended in places where someone intent on inflicting harm might be able to plug devices into USB ports. That has always been good advice due to the significant information security risks mentioned earlier, but, now, your physical computer may be on the line as well. You can also obtain and use a connector that disables access to the data lines within a USB port while still allowing charging, these devices are sometimes known as "USB Condoms” but, obviously, someone intent on harming you can pull the connector out of your device before inserting the USB Killer.

Of course, in the big picture, manufacturers should address the risk on a macro-scale. Hopefully, for example, laptop manufacturers other than Apple will start including protective technology in upcoming products, and mechanisms will be implemented to prevent unauthorised devices from connecting to USB data lines. In the meantime, stay vigilant.

Inc.com:

 

« Careless: NSA Hacking Tools Theft Due To Operative's 'Mistake'
FBI Director Covers His Webcam With Tape »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

FREE eBook: Practical Guide To Optimizing Your Cloud Deployments

AWS Marketplace eBook: Optimizing your cloud deployments to accelerate cloud activities, reduce costs, and improve customer experience.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

A simple and cost-effective solution to monitor, investigate and analyze data from the web, social media and cyber sources to identify threats and make better security decisions.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

NUS-Singtel Cyber Security R&D Lab

NUS-Singtel Cyber Security R&D Lab

NUS-Singtel Cyber Security R&D Lab conducts research into predictive security analytics.

CUIng.org

CUIng.org

The CUIng initiative was launched to tackle the problem of criminal exploitation of information hiding techniques.

QuintessenceLabs

QuintessenceLabs

QuintessenceLabs offers a suite of Data Security technology, products and solutions to secure digital information in-transit, at-rest or in-use.

True Cybersecurity

True Cybersecurity

True Cybersecurity services include security audits, network and application security, managed security services and incident response.

The Cyber Security Expert

The Cyber Security Expert

The Cyber Security Expert delivers cyber security consultancy, website and cloud security monitoring services, and specialist training services.

Quantum Security Solutions (QSec)

Quantum Security Solutions (QSec)

QSec is an innovative information security consultancy based in Ghana. We can provide your organisation with information security products and services that assure against information risk.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

Steadfast ICT Security

Steadfast ICT Security

Steadfast provides specialised information security management services for Government and Enterprise customers.