Slashdot Mirror
USB Killer 2.0: a Harmless-Looking USB Stick That Destroys Computers
An anonymous reader writes: Plugging in random USB sticks in your computer has never been more dangerous, as a researcher who goes by the name Dark Purple has demonstrated his new device: USB Killer 2.0. When plugged into a computer, the deadly USB draws power from the device itself. With the help of a voltage converter the device's capacitors are charged to 220V, and it releases a negative electric surge into the USB port. This surge "fries" the USB port and, in the researcher's demonstration, the motherboard — perhaps not always after the first surge, but the malicious USB device repeats the process until no more power can be drawn.
If you have local access to the PC you could just use a sledgehammer. The old 120V into the network port almost always fries the NIC as well. The fact that someone with physical access can damage your PC shouldn't be a big surprise.
"I have never let my schooling interfere with my education." - Mark Twain
Uh, no, it doesn't. You just drop a few of these in the parking lot outside a company, and wait for people to pick them up and stick them in their PC.
>> someone with physical access can damage your PC
This isn't a local access attack, though. Instead, you label your attacking USB stick with your target company's name and leave it in the parking lot or at a restaurant where you know a lot of your target's employees visit. Some foolish altruist will frequently pick it up and shove it into their computer when they get back to the office. This kind of thing works great for infecting someone's computer with command-and-control malware; if anything this "wreck the computer" attack seems less useful.
If you believe that any unfamiliar USB stick looks "harmless", you clearly haven't been paying attention.
Plugging random things into your computer can damage it.
Be sure to watch our followup segment on what could be in that suspicious red can you found labeled "free gas!" The results are horrifying!
People ask on forums that are full of context-experts, instead of reverting to Google/Bing/etc. results that are full of context-amateurs, because they don't want to waste their time becoming a context-expert themselves as they would need to do in order to effectively filter the Google/Bing/etc. results.
Note: if you can post a stupid statement to Slashdot, you should be able to reach your brain and extract the knowledge you have. If there is ever a rare network failure causing you to be able to type but not use your own brain, I would love to see the psychological case study of such an event.
My suggestion was to custom build some pseudo malware, load it on those flash keys, or a set of flash keys, and leave them around campus. Nothing nefarious would happen to the user who did insert it other than an autorun popup informing them that we could have owned them right there if we wanted.
Don't do it on your own. Don't do it with serious back up and written guarantee for support from higher ups. What you are doing is very similar to finding homes with unlatched/unlocked back porches, walking in sitting in the living room sofa and shouting boo when the home owners walk in. No matter how sensible and helpful your advice is, the homeowners are going to be jumpy, irritated, made to look like fools and they will hate you intensely.
Try to do it differently. Create these USB warning devices as you planned, but give them to students, tell them what it does and ask them to "educate" their friends and relatives. Watermark each device so that they don't prank unsuspecting people.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
if anything this "wreck the computer" attack seems less useful.
Imagine that you're a CIO tasked with protecting data worth billions of dollars.
Drop a few of these in the parking lot or cafeteria, and write off a few $800 Dells to find and eliminate the employees who cannot be trained to not do stupid things that will severely damage the company.
I'd do it.
Ya, watch the person you catch to be the CEO.