The USB Kill Stick, Priced at $56, Is Designed To Destroy Laptops, PCs, TVs

There's a new USB Kill device in the market today which can destroy any device it touches. ZDNet reports: For just a few bucks, you can pick up a USB stick that destroys almost anything that it's plugged into. Laptops, PCs, televisions, photo booths -- you name it. Once a proof-of-concept, the pocket-sized USB stick now fits in any security tester's repertoire of tools and hacks, says the Hong Kong-based company that developed it. It works like this: when the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges -- all in a matter of seconds. On unprotected equipment, the device's makers say it will "instantly and permanently disable unprotected hardware." You might be forgiven for thinking, "Well, why exactly?" The lesson here is simple enough. If a device has an exposed USB port -- such as a copy machine or even an airline entertainment system -- it can be used and abused, not just by a hacker or malicious actor, but also electrical attacks.

As the saying goes...

[Hognoxious]

If you have physical access to the device, you can beat the fucking shit out of it with a rock.

Re:So?

[110010001000]

Argh, I was going to sell them my hammer for $55! Stop undercutting my price!

Re:So?

[Spy+Handler]

If you put a hammer inside a box marked "Newegg" and send it to someone, upon opening the box he will most like *not* use it to destroy his computer.

But if you do the same thing with a USB stick zapper, there's a pretty good chance that he will stick it in his computer and end up with a fried computer.

Re:So?

It would be a terrible shame if law enforcement personnel were to illegally confiscate and subsequently attempt to read the contents of USB devices which immediately destroyed whatever they were plugged into. It really would be a shame. -PCP

Less malign devices

[phorm]

I wonder what other fun things you could do with a USB-charged capacitor, preferable things that don't cause actual damage.
How about a tiny speaker that plays in a loop
  "This idiot just plugged in a hacked USB device!"

Re:Fairy dust and unicorn dreams.

[rahvin112]

Didn't see the You-tube video of the concept version of this being demoed on a laptop did you? Fried the screen and board in the first pulse and took out the power system and everything else with the second (each pulse takes about a second to charge and release). These things are not pushing a 10V signal on a 5V line, they are pumping a 230V charge into the port with magnitudes more amperage than static electricity, the simple over-voltage protections on current USB ports can't protect against this.

A real solution to a device like this will require a far more robust design on the over-volt protection on the ports. Something that can resist 200V+.

Re:Ugh, Sometimes I hate people

[harrkev]

As an EE, I have some experience with this. I really do digital logic chip design, and leave the design of the IO pins to the analog guys (and I am NOT an analog guy)...

However, pins are designed to dissipate excess charge using the "human body model." The specification is charging a small capacitor to a few thousand volts and dissipating that into a pin. Since the capacitance is small, the total amperage is very small. There are zener diodes built into IO pads that can handle this small amount of current. An ESD event will only last for the barest fraction of a second. Now, if you actually intentionally put too much voltage across pins for a prolonged period of time, I can easily imagine those zener diodes dying. Once that happens, the voltage will start to play merry hell with the logic.

I also did some government (military) work a decade ago. With those systems, you generally hardened them against EMP pulses (don't want a nuke taking down your electronics), so we used something called "transorbs.". Basically, these are big, beefy external zener diodes that can clamp this type of event. HOWEVER, from what I recall, those diodes put too much capacitance on the line, which would do very bad things to high-speed data lines, such as the ones found in USB data lines. Transorbs are great for things like low-speed serial port lines (which explains standards like MIL-STD-1553. I do not know if transorbs have improved much (not done that sort of thing for 10 years), but these are the types of problems you have to face when dealing with something like this -- the devices needed to protect your USB ports might just make your USB ports unusable.

Re:So?

[WolfgangVL]

Wait, full stop. Your saying when my shit is confiscated and used against my wishes in an un-intended application by an uninformed outside operator (read: not me) I am somehow liable when this not me person uses it wrong and asses up his own gear? What about my right to remain silent? What if its labeled PERSONAL?

What if I straight up TELL the border control agent -
"This thumbdrive is dangerous and will kill his computer, do not attempt to view the contents?"

This is a real honest question. No snark.

I love the idea of a nasty little red herring hiding in my personal private papers and effects.