Slashdot Mirror
The USB Kill Stick, Priced at $56, Is Designed To Destroy Laptops, PCs, TVs (zdnet.com)
There's a new USB Kill device in the market today which can destroy any device it touches. ZDNet reports: For just a few bucks, you can pick up a USB stick that destroys almost anything that it's plugged into. Laptops, PCs, televisions, photo booths -- you name it. Once a proof-of-concept, the pocket-sized USB stick now fits in any security tester's repertoire of tools and hacks, says the Hong Kong-based company that developed it. It works like this: when the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges -- all in a matter of seconds. On unprotected equipment, the device's makers say it will "instantly and permanently disable unprotected hardware." You might be forgiven for thinking, "Well, why exactly?" The lesson here is simple enough. If a device has an exposed USB port -- such as a copy machine or even an airline entertainment system -- it can be used and abused, not just by a hacker or malicious actor, but also electrical attacks.
Whoopee. I can hit it with a hammer for free, or plug it into the power line for a couple of bucks.
I have a hammer that can do the same thing. Or a bottle of water. I'll sell it to you for $55.
I can see a lot of wasted costs if this *cough *cough "product" ever catches on. Working all my life at device manufacturers this is one I'd like to put back in the bottle.
Just cut off a lamp cord, stick the bare end in the USB port and plug the other end into the wall socket.
Really, $56 to zap something?
I don't read your sig. Why are you reading mine?
I wonder if the USB spec allows for a TVS on the port to protect it from things like this.
I would put one in if I was designing a board that was somewhat critical. I would hope people designing electronics for aircraft would do the same.
If you have physical access to the device, you can beat the fucking shit out of it with a rock.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
This is not particularly clever. Why not just put glue in the USB port?
Just put an AC Line Cord in the USB Port.
Proof Of What Concept? That Over-voltage destroys electronics?
"now fits in any security tester's repertoire of tools and hacks"
It either Blows the Port or the Mother Board. Why would a security Test need it? Damaging computers tests what?
Clearly for peaceful purposes, like "security testing"
How is this different from any other form of vandalism? I'm guessing an exposed earphone jack on an airplane's entertainment console can also be used to harm the device. Saying this is an example of insecurity is like saying that a door being flammable is an example of a door being insecure.
Hmm, it is possible to convert a 5V DC voltage to a much higher value. But it would have to have big value capacitors to store this charge, so it's not going to be a small stick.Still, I'd put in so a series of high voltage of 20V pulses which would damage unprotected circuitry overtime. But they would be low current, so don't expect a bang or smoke.
A 20 lb. sledge hammer costs less and works just a well.
Is it evil if I were to buy several of these, scratch the warning off, and leave them around the building/parking lot after a computer security meeting just to see who plugs it in first?
It would be good if you're about to go through a US (or any) border and they demand your equipment. Plug this sucker in (here you're gonna demand this too!) and when they try to look at your shit, play stupid and blame them for it being fucked up. Make a big stink for their stupidity, take down their badge numbers and by the time they figure it out, you're gone baby!
with clamping diodes and fuses. But that costs more money.
Electronic pulse igniters could be bought for a lot less. And they do just the same to your electronics, though they are not as handy as this new gadget.
I had a very similar idea years and years ago, but for electrical outlets on sensitive power circuits.
wallwart sized device charges up many megavolts in a resonant coil, then discharges it back into the mains.
the breaker will blow from the backfed voltage, but all the expensive devices attached will be smoked.
given how often proper building wiring is real consideraton over cost (sarcasm), and how useful a major, system wide disruption of this nature can be for interntional terrorism/counter intelligence, I could truly see such a device existing and being used.
the device could be concealed as a phone charger in todays world. nobody would find it even the least bit suspicious for a random person to sit down and plug in like that these days.
what is old is new again
Damn! Is there ANY legit reason for this "USB Taser" to exist?!?
The gun will "instantly and permanently disable unarmored hardware." You might be forgiven for thinking, "Well, why exactly?" The lesson here is simple enough. If a device does not have an armored housing -- such as a copy machine or even an airline entertainment system -- it can be used and abused, not just by a hacker or malicious actor, but also kinetic attacks.
I think photon torpedos or "phasers set to kill" would be cool :)
A "kill sledgehammer" works for the same reasons.
I wonder what other fun things you could do with a USB-charged capacitor, preferable things that don't cause actual damage.
How about a tiny speaker that plays in a loop
"This idiot just plugged in a hacked USB device!"
I mean I can also take a baseball bat or a gun to whatever I want to destroy. How is this any less stupid?
Nope, nope and nope.
...ops...sparks fly...and a shock was felt? How come your computer survives those jolts every day? Easy, they ALL have this kind of overvoltage protection.
Guess who decided to drop this post a message? Its me! Someone with actual knowledge of electronics. The device you see there is 99% incapable of destroying anything but an USB port at best. Most modern motherboards today come with high voltage protection, this is the usual anti-static protection that has been implemented in chips for years. You know...when you walk around with wool clothes on a carpet, your body is essentially ONE big capacitor walking around with potentially kilovolts in your body. Have you ever greeted someone and
If this device as described in the OP does as its advertised, then its no more than that, at best it will kill your USB port, or as usual...it will just make your resettable autofuse react as long as your computer is on, and when its turned off and on again, everything will be back to normal, nothing to see here...move along.
Now, if you REALLY wanted to make an USB device that actually destroys your or anyones computer, youd want it to come with the latest in worms and computer virus technology, preferably those that can exploit any firmware/software bugs known to mankind, bonus points if you can activate the sleeping all-in-one-computers that resides inside intel processors.
What this world is coming to - is for you and me to decide.
Since when is $56 "a few bucks"?
A lot of amused pentesters explaining to their employer that until their employees stop plugging in random USB sticks they really can't help.
Why would this be more legal compared to carrying a bottle of cyanide and putting it in any unprotected food in grocery store, restaurant etc? Yes, you can buy stuff to destroy valuable, but don't cry wolf if you lend up in jail for life.
It would cost a bit to implement, but wouldn't be at all hard to develop: a USB port that kills 'kill sticks'. Protect the data lines, sense the way-too-high voltage coming in on said lines, and counter it with a power source having *bigger* voltage and substantial current capability. One $55 investment down the drain, and one fucktard of a vandal gets a comeuppance. Bonus points for implementing video capture, and sounding a loud piezo buzzer, as soon as the vandalism attempt is sensed.
Of course, minus points if it accidentally fries a legitimate device plugged into the port...
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
You could really boost the malicious success rate by calling this a "Steampunk USB Memory Key". It does actually look pretty cool aesthetically.
So smart! Then you get to replace your "equipment". You sure showed them! Such geniuses on Slashdot.
If there's something on your laptop that'll get you put in jail, fined or shot, or trade secrets or whatever - fuck the laptop! Some dipshit $2,000 laptop is nothing to the $50,000+ in legal expenses you'll easily blow getting your sorry ass out of jail or protecting your property. AND YOU ARE IN JAIL getting buttfucked. And you can give some jack boot hard time in the process.
God, some of you people are so short sighted!
Someone's going to get this and fuck shit up for the lulz.
If you were me, you'd be good lookin'. - six string samurai
Actually saw this developed last year by this guy https://habrahabr.ru/post/2684... via http://hackaday.com/2015/10/10...
Just in time for November...
"The device maker said that Apple "voluntarily" protected its hardware."
+1 for apple fan boys.
Half a dozen of us, all kids, watching TV. Time passes. All is well. Suddenly we see a bright blue flash. The youngest kid, possibly with the help of another young one, had plugged an amputated electrical cord into the wall socket, then randomly touched the heat register. This was the house of neighbors -- they had 7 children, most adopted. So, don't leave your heat registers lying around.
I come here for the love
Listen, Ethan. Budget cuts are few and far between in this organization you work for. So instead of the usual This message will self destruct in 5 seconds you will now hear the message You will insert the unmarked USB key in the slot --you *do* have it, don't you -- to proceed with destruction of the message.
Provocateur
Just spil water into it.
I'd pay that, assuming it has at least 32Gigs of space.
Other ways I can attack the copy machine.
I could light it on fire.
I could throw it off a building.
I could tie a brick around it and drop it into the ocean.
I could threaten to expose the its darkest secrets to the copy machine's family.
“Common sense is not so common.” — Voltaire
Wireless, kills your device and the device killer.
So easy
. $249.99
Waiting for an amusing sig.
Hillary just ordered 500.
I almost forgot!
The last design I examined back in 2015 used an inverting DC-DC converter. The converter would take power from the USB port to charge a capacitor bank up to -110VDC, and dumps it in the data pins, and repeats until there is no longer power to the bus. This is how it bypasses/destroys any TVS diodes.
I would love to have a version with a hidden switch to change between data storage and kill, that destroys the data along with the computer it is plugged in to.
Imagine the look on the thief's face when he plugs it in.
Or the TSA, since they seem to have a thing for rummaging through your shit. I bet you could even warn them and they would laugh it off and plug it in anyways.
out of antimatter
It not only destroys the device you plug it into, but also the city where it is located
Because there is always some asshole who feels the need to break stuff.
These public USB Power ports were set up as a convenience for the public and the customers, so that Doctor can have his phone charged so he doesn't miss that life saving call. They are giving us free energy to power our mobile devices. The TVs to entertain us, while we are stuck waiting. But no there has to be some jerk who needs to find a way to break it. We can't have an infrastructure for new technology now, just because it can be broke.
Now this device is just for bad people to do bad things, there is no good in it. It isn't even good enough for properly destroying technology as for the most part it will probably just damage the USB interface card and not reliably break the rest of the system.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
Buyers list will be sent to the FBI
And I always just used an usb connector fixed onto one side of a 3 Meter power cable, I guess I'm too oldschool for this.
When I was in 8th grade, I built something similar...it consisted of a power cable which I snipped off of some old device, with the two terminals tied together to create a short circuit. I even wrapped the end in electrical tape to protect myself from electrical shock.
It was harmless fun tripping the circuit breakers in class, sometimes a test would get postponed...
One day, I found the room that was wired incorrectly. After almost starting an electrical fire, I managed to smack the smoldering remains of the plug out of the wall with my shoe. A distinctive burning plastic smell permeated throughout the room of my pre-calculus class.
It's all fun and games until someone burns down the house.
For about 6 bucks
http://www.fiftythree.org/ethe...
Public electrical outlets are everywhere. I'm sure someone can create a bomb that can be plugged in.
"-200VDC is discharged over the data lines of the host device." is all it says, but the charge will be tiny, i find it doubtful that this will do anything beyond maybe fry the usb controller or possibly some diodes.
i mean, sure, yeah, you can destroy anything from the device itself, to the usb port it's in, to the usb interface controller. who knows, okay let's so you can set the entire machine on fire and vaporize it in an instant and whoosh disappear from the building, end of mission. mission successful. asset destroyed.
okay so the next morning they open up shop, see the vaporized computer, and replace it because hello redundancy.
they not only replace the redundant hardware and all the redundant data stored on it, even while the machine was down some other machine was carrying its burden because again redundancy. sorry to be redundant but redundancy.
way to "test" the system.
then you wake up the next morning and overnight the local librarians were showing video tape to the cops of you plugging something at exactly the time it stopped working, and then you jet out like you've seen a ghost. or maybe you're real brave and destroyed some college property like a real professional hollyhackerwood. nice going so you're giggling into your mug full of cheerios (sick life hack yo) and down comes your front door and somebody shoots you in the heart because (1) hackers don't have quite bad enough image yet, it needs to get way iller up in hackland (2) they thought the coffee mug was a gun sorry you had to go that way my hacker compadre.
but you kind of brought it down on yourself.
"Stratigraphically the origin of agriculture and thermonuclear destruction will appear essentially simultaneous" -- Lee
can this wipe my laptop for the DHS? "here is the USB I use for unlocking it" OOPS! now what did you want to see? :-)
slot machines with usb changing ports seems like a like some may want to destroy after losing big. I do hope they have there own power source.
They left the USB in the parking lot outside a secure facility. Some idiot picked it up on his way into work. Bam they penetrated the network.
Some asshole could leave this lying anywhere outside, some place he didn't like. neighbor pisses you off? leave it in their mailbox...
90% of the people who found one would plug it in. Hell, I know the risks in IT security and my curiosity might even get the best of me...
To any asshole who purchases and uses this shit I have a bullet for you.
This is why we cant have nice things.... destroy, destroy, destroy!!
Hopefully the original creator submitted a patent application and he can sue this company for monetizing his design or at least get their importation blocked at customs. Maybe there's a case to be made here for defensive patents.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Okay, so it is time to design a device to detect an overvoltage condition on any external I/O pin and sound a LOUD audible alert and/or send an administrative alert over Wi-Fi. Will this add cost? Yes of course, but we live in an era where the cost is justified for those who deploy electronics in public spaces.
I'll bet there will be a lot of voting machines destroyed with these.
Non sequitur: Your facts are uncoordinated.
Sure, you could do this.
A smarter man would use usb to exploit a weakness in the computer.
Pro tip: most things are actually susceptible to shit like this. This is not news.
Anyone got a theory on what these things might do to a smart TV, or just a general-purpose TV with a slideshow feature on it that reads the USB drive? Would it likely fry the USB bus, or would this thing push through to wipe out the main board, as well?
I had a sucky sig.
This line of stories where any kind of physical access to a device can be abused in an unexpected and incredibly convoluted way is completely out of control. Hey guys! If you discharge a big capacitor into sensitive electronics IT BREAKS! WOW! HEADLINE!
So let's say manufacturers, shaken awake by this completely unexpected use of their devices, now protect their electronics from this attack. Next year: "Hey guys! If you stick a 240V line directly into your USB port IT BREAKS! WOW! HEADLINE!"
So they fix that too, although I couldn't imagine why they'd want to. The year after: "Hey guys! If you fly a metal object on a metal wire during a thunderstorm and link the metal wire directly into your USB port IT BREAKS! WOW! HEADLINE!"
Like I said, it is getting ridiculous. Just like all those completely pointless side-channel attacks. Why, yes, if you stand next to a 3D printer, you _can_ in fact listen to it and presumably get some vague idea of what's being printed. Or you can just, you know, look at the damn device you are standing right next to. So this attack is great news for all spies who have physical access to sensitive 3D printers that are covered by blankets - and of not much use, or concern, to everyone else.
Stop it already with the silly fear mongering. Side channel attacks that require access that would allow a far more direct attack to take place are completely pointless, and need not be reported on (or maybe we can have a summary topic every year, a "best of the stupidest" kind of thing). And discharging big capacitors tends to destroy electronics. It's not "news for nerds" and it is not "stuff that matters". But maybe this site is now "slashdot: clickbait for nerds and stuff that sounds good but has no substance whatsoever"...
If a device has an exposed USB port -- such as a copy machine or even an airline entertainment system -- it can be used and abused, not just by a hacker or malicious actor, but also electrical attacks.
So anything uncovered deserves what it gets? That's a muslim way of thinking.
The evil doer is first getting power from the mother ship and destroying the mother ship with that power. That is it is not self powered or has external power source. So all you do to protect yourself is don't feed someone who can turn against you. The OS should first give a little power (few milli amps for few mins say) and then ask for clear authorization; a user should approve the device etc. Else just cut off power to that USB.
It's like you don't support (with money say) a family member or friend (say his business) who can become so powerful with your money that they can turn against you / your business.
I was about to say that nobody would be stupid enough to design a voting machine with a publicly exposed USB port.
Then I remembered who makes voting machines.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
This tool will produce the same result:
https://www.amazon.com/dp/B00LLM8POY
only $18.
I can do that for free just by jamming a couple of bare wires into a power outlet and then ramming them into the USB port.
I fail to see how this will damage anything other than the USB controller hub, seeing as how typically peripherals are powered by their own isolated power supply either on the board power distribution or even from the main power supply. Maybe some boards will share a line if they are poorly deisgned, but the 900mA requirement for USB2.0/3.0 almost certainly guarantees a dedicated power plane on the opposite side of a bunch of diodes to prevent exactly this. Same goes for most peripherals: rarely are outside-facing power supplies left unprotected.
https://www.accountkiller.com/removal-requested