‘USB Killer’ Destroys Electronic Devices

Uploaded on 2016-09-30 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, TECHNOLOGY--Resilience

Last year, a hacker demonstrated a prototype of a small USB device, the size of a small USB drive, that could destroy electronics into which it was plugged. 

Dubbed the "USB Killer," the device damaged electronics by sending a surge of power onto the data lines used to communicate.

Now a Hong Kong based firm, aptly named "USB Killer", is offering such an eponymous device for sale. When the USB Killer is inserted into a USB port of a laptop, television, printer, or any other USB-enabled piece of electronics, it rapidly charges small capacitors within it from the USB power source to which it is connected. 

When the capacitors are fully charged, which can take less than a second, the device quickly discharges the power over its data lines, thereby sending an unexpected surge of power into the device to which it is connected. The USB Killer repeats this cycle as long as it is plugged in, but even the first discharge is likely to damage many electronic devices. 

Security experts have long been cautioning about the danger to electronic devices posed by leaving USB ports uncapped. In the past we have focused primarily on the risk of someone sticking into a computer some USB device infected with malware, and the resulting risk to information security but, now, the physical risk, once considered small, other than in the case of highly sensitive systems targeted by advanced attackers, may become widespread.

The makers of the USB Killer claim that their device can kill 95% of devices with USB ports, but Apple laptops are not included in the 95%. Apple, they say, has already implemented technology to protect its products, a security move that is certainly commendable.

It should be noted that future versions of USB C, still a fairly uncommon type of USB connector, may help address the risk of USB Killer device type devices by including functions that prevent unauthorised devices from connecting to the power or data lines of computers and smart devices; of course, that does nothing to protect the billions of devices already in the market, and also assumes that future security protocols cannot be circumvented or subverted.

So, what should you do now? Don't leave laptops or other electronic devices unattended in places where someone intent on inflicting harm might be able to plug devices into USB ports. That has always been good advice due to the significant information security risks mentioned earlier, but, now, your physical computer may be on the line as well. You can also obtain and use a connector that disables access to the data lines within a USB port while still allowing charging, these devices are sometimes known as "USB Condoms” but, obviously, someone intent on harming you can pull the connector out of your device before inserting the USB Killer.

Of course, in the big picture, manufacturers should address the risk on a macro-scale. Hopefully, for example, laptop manufacturers other than Apple will start including protective technology in upcoming products, and mechanisms will be implemented to prevent unauthorised devices from connecting to USB data lines. In the meantime, stay vigilant.

Inc.com:

 

« Careless: NSA Hacking Tools Theft Due To Operative's 'Mistake'
FBI Director Covers His Webcam With Tape »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Center for a New American Security (CNAS)

Center for a New American Security (CNAS)

CNAS is the nation's leading research institution focused on defense and national security policy. Cyber security issues are an intrinsic element of the national security debate.

GrammaTech

GrammaTech

GrammaTech is a leading developer of software-assurance tools and advanced cyber-security solutions.

Signifyd

Signifyd

Signifyd is the world's largest provider of Guaranteed e-Commerce Fraud Protection.

Waratek

Waratek

Waratek is a pioneer in the next generation of application security solutions known as Runtime Application Self-Protection or RASP.

C2A Security

C2A Security

C2A Security offers a comprehensive suite of cyber security solutions for the automotive industry, providing in-vehicle end-to-end protection.

Corrata

Corrata

Corrata is an award-winning provider of mobile security and data control solutions for enterprises.

International Accreditation Forum (IAF)

International Accreditation Forum (IAF)

The IAF is the world association of Conformity Assessment Accreditation Bodies. Its primary function is to develop a single worldwide programme of conformity assessment.

Red Points

Red Points

Red Points protects your brand and content in the digital environment.

Analygence

Analygence

ANALYGENCE is your trusted partner for mission support, cyber solutions, and management services.

AutoSec

AutoSec

AutoSec supports the FFI program Electronics, Software and Communication by dissemination and exploitation of the results of projects related to automotive cybersecurity.

Kiteworks

Kiteworks

Kiteworks (formerly Accellion) creates a dedicated Private Content Network that ensures zero-trust private content protection and compliance.

Orro Group

Orro Group

Orro create 'future now' solutions that make it faster, simpler and safer for you to access, store and share information. Wherever, whenever and with whomever you want.

Flexxon

Flexxon

Flexxon is the industry leader to develop NAND flash storage devices. Our key focus is to innovate memory devices ensuring data security and reliability.

Randaemon

Randaemon

RANDAEMON’s mission is to create True Random Number Generators (TRNG) that are hardware-based and integrated into System-on-Chip.

EtherAuthority

EtherAuthority

EtherAuthority's engineering team has been helping blockchain businesses to secure their smart contract based assets since 2018.

QualySec

QualySec

QualySec is a leading cybersecurity firm specializing in comprehensive penetration testing and risk assessment services.