Slashdot Mirror

← Back to Stories (view on slashdot.org)

USB Killer 2.0: a Harmless-Looking USB Stick That Destroys Computers

Posted by timothy on from the candy-from-strangers dept.

An anonymous reader writes: Plugging in random USB sticks in your computer has never been more dangerous, as a researcher who goes by the name Dark Purple has demonstrated his new device: USB Killer 2.0. When plugged into a computer, the deadly USB draws power from the device itself. With the help of a voltage converter the device's capacitors are charged to 220V, and it releases a negative electric surge into the USB port. This surge "fries" the USB port and, in the researcher's demonstration, the motherboard — perhaps not always after the first surge, but the malicious USB device repeats the process until no more power can be drawn.

16 of 229 comments (clear)

  1. USB usually means you have physic access to the PC by RobinH · · Score: 4, Insightful

    If you have local access to the PC you could just use a sledgehammer. The old 120V into the network port almost always fries the NIC as well. The fact that someone with physical access can damage your PC shouldn't be a big surprise.

    --
    "I have never let my schooling interfere with my education." - Mark Twain
  2. Re:USB usually means you have physic access to the by 0123456 · · Score: 4, Insightful

    Uh, no, it doesn't. You just drop a few of these in the parking lot outside a company, and wait for people to pick them up and stick them in their PC.

  3. Re:USB usually means you have physic access to the by xxxJonBoyxxx · · Score: 4, Insightful

    >> someone with physical access can damage your PC

    This isn't a local access attack, though. Instead, you label your attacking USB stick with your target company's name and leave it in the parking lot or at a restaurant where you know a lot of your target's employees visit. Some foolish altruist will frequently pick it up and shove it into their computer when they get back to the office. This kind of thing works great for infecting someone's computer with command-and-control malware; if anything this "wreck the computer" attack seems less useful.

  4. Re:Bonus points by Anonymous Coward · · Score: 5, Funny

    Bonus points if it has some legitmate function before it's ready to strike: 802.11n adapter, etc.

    Hypothetically of course ... Just make lots and lots of these. Get a Sharpie. Label each of them with things like TAX DOCUMENTS, ACCOUNT NUMBERS, and definitely lots of them labelled PORN COLLECTION. Drop them in hotels, restaurants, restrooms, subways, bus stops, just leave them all over town. Hilarity ensues!

    For more bonus points, act shocked when you hear about the mysterious computer-killing USB drives. Say you don't believe anyone would do such a thing.

  5. Menacing looking usb stick by thinkwaitfast · · Score: 4, Funny
    This is the best that I could find (in 6 seconds or less)

    http://i.ebayimg.com/00/$(KGrH...

  6. Re:Bonus points by rudy_wayne · · Score: 5, Interesting

    make lots and lots of these

    Label each of them with things like TAX DOCUMENTS, ACCOUNT NUMBERS, and definitely lots of them labelled PORN COLLECTION

    Drop them in hotels, restaurants, restrooms, subways, bus stops, just leave them all over town

    Open a computer repair shop

    Profit!!

  7. "Harmless-looking USB stick"? by jeffb+(2.718) · · Score: 4, Insightful

    If you believe that any unfamiliar USB stick looks "harmless", you clearly haven't been paying attention.

  8. Re:Bonus points by Mr+D+from+63 · · Score: 5, Funny

    Anti espionage: Just leave one around the office if you suspect the cleaning crew.

    Russian roulette: Get 1 killer USB and five legits and a few friends... take turns plugging into your computers.

    Search and seizure revenge: "I warned you".

  9. Re:USB usually means you have physic access to the by phishybongwaters · · Score: 5, Interesting

    Worked for Stuxnet and most other state sponsored cyber attacks. Just saying. We recently ran a "security awareness" month at the UNI I work for, giving away free flash keys to students who could show us their phone was secured at least with a password or pattern. They seemed surprised that no one bothered and most people told them they are too lazy to have to swype a pattern to unlock their phones. My suggestion was to custom build some pseudo malware, load it on those flash keys, or a set of flash keys, and leave them around campus. Nothing nefarious would happen to the user who did insert it other than an autorun popup informing them that we could have owned them right there if we wanted. The didn't go with my plan, I might still do it on my own. I'm nice like that, when I taught myself to crack into WEP and weak WPA access points that had the management page accessible over wifi and the default admin passwords set, I promptly change their SSID and passwords, letting them know they need to lock that shit down. I'm nice like that

  10. Re:Bonus points by Anonymous Coward · · Score: 4, Funny

    And hub is connected to the ... ankle bone?

  11. Re:USB usually means you have physic access to the by 140Mandak262Jamuna · · Score: 4, Insightful

    My suggestion was to custom build some pseudo malware, load it on those flash keys, or a set of flash keys, and leave them around campus. Nothing nefarious would happen to the user who did insert it other than an autorun popup informing them that we could have owned them right there if we wanted.

    Don't do it on your own. Don't do it with serious back up and written guarantee for support from higher ups. What you are doing is very similar to finding homes with unlatched/unlocked back porches, walking in sitting in the living room sofa and shouting boo when the home owners walk in. No matter how sensible and helpful your advice is, the homeowners are going to be jumpy, irritated, made to look like fools and they will hate you intensely.

    Try to do it differently. Create these USB warning devices as you planned, but give them to students, tell them what it does and ask them to "educate" their friends and relatives. Watermark each device so that they don't prank unsuspecting people.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  12. Re:Seems like this has limited usefulness by PPH · · Score: 4, Interesting

    TSA: "We're going to have to take a look through all your laptops, memory devices and phones, sir."

    Didn't they just have a big computer outage recently?

    --
    Have gnu, will travel.
  13. Re:Bonus points by fahrbot-bot · · Score: 4, Funny

    And hub is connected to the ... ankle bone?

    I tried that. The throughput was terrible. [ 0/10 do not recommend ]

    --
    It must have been something you assimilated. . . .
  14. Re:Bonus points by Anonymous Coward · · Score: 5, Interesting

    We had an office thief once. He would take anything and it didnt really matter the value. Shitty old drives, ram, a customers computer we were configuring and other random crap.

    I simply connected every line to Vcc on an old IDE hard disk and put it inside of a desk. The person who owned the desk I told them what was going on.

    Maybe two days later one of the technicians is complaining that his IDE controller no longer works. He would later admit to some drug problems and a predilection for theft.

  15. Re:Bonus points by MiniMike · · Score: 5, Funny

    Label them in large letters 'BACKUPS', and then in small letters underneath 'always make backups!'.

  16. Re:USB usually means you have physic access to the by painandgreed · · Score: 4, Insightful

    if anything this "wreck the computer" attack seems less useful.

    Imagine that you're a CIO tasked with protecting data worth billions of dollars.

    Drop a few of these in the parking lot or cafeteria, and write off a few $800 Dells to find and eliminate the employees who cannot be trained to not do stupid things that will severely damage the company.

    I'd do it.

    Ya, watch the person you catch to be the CEO.