Slashdot Mirror
The 'USB Killer' Has Been Mass Produced -- Available Online For About $50 (arstechnica.com)
New submitter npslider writes: The "USB Killer," a USB stick that fries almost everything that it is plugged into, has been mass produced -- available online for about $50. Ars Technica first wrote about this diabolical device that looks like a fairly humdrum memory stick a year ago. From the report: "The USB Killer is shockingly simple in its operation. As soon as you plug it in, a DC-to-DC converter starts drawing power from the host system and storing electricity in its bank of capacitors (the square-shaped components). When the capacitors reach a potential of -220V, the device dumps all of that electricity into the USB data lines, most likely frying whatever is on the other end. If the host doesn't just roll over and die, the USB stick does the charge-discharge process again and again until it sizzles. Since the USB Killer has gone on sale, it has been used to fry laptops (including an old ThinkPad and a brand new MacBook Pro), an Xbox One, the new Google Pixel phone, and some cars (infotainment units, rather than whole cars... for now). Notably, some devices fare better than others, and there's a range of possible outcomes -- the USB Killer doesn't just nuke everything completely." You can watch a video of EverythingApplePro using the USB Killer to fry a variety of electronic devices. It looks like the only real defense from the USB Killer is physically capping your ports.
Of course they have current limited USB switches. The point is this device slowly collects charge over time then drops it onto the data lines instantly. The protection diodes found within the USB host are only designed for ESD-like voltages and currents. They can not handle a high voltage being applied for a long time. They blow then the rest of the USB chipset blows. If you are really lucky, the charge then passes through the USB chipset and blows other ICs in the host.
That is basically what a protection diode is - except they do not use zener diodes. They have one diode connected to ground and one to VCC. If the voltage drops below ground, one diode conducts clamping the voltage to ~-0.7v. If the voltage increases beyond VCC, the other diode conducts and clamps the voltage at VCC+0.7v. This is effective when dissipating a small charge that could potentially be at a high voltage - think ESD. But if you have prolonged current the diode will blow and short.
So you have a short (blown diode) but you still have a significant amount of energy to dissipate. This results in a large current that will cause the diode to physically explode or possibly blow a trace. USB data lines typically use very thin traces and can not conduct much power. If a trace goes then USB is screwed but the rest of the computer will probably function correctly. If the diode explodes your protection is gone and the high voltage will now cause all sorts of damage.
No downside? You're not considering "Getting your ass beat by the cops for destroying their stuff", as well as likely terrorism charges, 'cause that's what scaring police with an unknown device will get you.
Public charging ports don't have data lines... just power. The device would charge but have no data lines for the discharge.
I don't read your sig. Why are you reading mine?
Charge ports don't have data lines.
I don't read your sig. Why are you reading mine?
Well I could sue the police and retire on the settlement. Its like winning the lottery only with a beatdown thrown in
You haven't been paying attention to the news much, have you? It's very rare that police officers are held accountable for misbehavior; society (for better or worse) gives them a lot of latitude. Police officers literally get away with murder(*) on a regular basis.
(*) or at least, actions that would definitely be called murder if anyone else did the same thing
I don't care if it's 90,000 hectares. That lake was not my doing.
The problem with a device like this is it is hard to find a substantial legitimate use for it. Given that, they are likely to be targeted for a lawsuit and they are likely to lose that suit.
While it is perfectly ok to sell a device that gets used to commit crimes, you generally have to have a legit reason to be selling it and it can't be something that is totally made up that nobody actually believes. So for example while a crowbar can certainly be used to break in to a house to or attack someone, they are also widely used used to get nails out of things and pry stuck objects apart. As an opposed example a number of companies that sell devices to help you cheat on urine tests have gotten in trouble since their devices had no use other than said cheating.
It is very, very hard to think of a legit use for this and I can't imagine they'll get many legit sales. So it'll probably get them in legal trouble.
"Public charging ports don't have data lines"
Your claim (and that of other's, below) is simply wrong.
Because, any USB charger expected to work with a wide range of devices does in fact have connections to the USB data pins. If they are unconnected, a USB device can draw no more "one unit load" (0.1 A) from the port. If the data lines are actively used, a device can negotiate to 500 mA. Using the USB charging spec, the data pins are shorted together or with a 200 ohm resistor (depends on the version of the spec), and a device it can draw up to 1.5 A. But that's still unlikely to cause problems with other ports.
What is a concern is that there are lots of proprietary extensions beyond the USB spec. Apple and Qualcomm are two big players in that regard, using the data lines to signal the availability of current and/or voltages more that the USB spec itself allows. Modern "universal" charging ports actively use the USB data lines to identify the device type and then negotiate available power. These types of ports are becoming more common everyday.
Even if ports are sufficiently isolated so that one of these "killers" couldn't effect other ports, it's possible that they could damage the port they're plugged into, potentially causing it to deliver voltage damaging to other devices. Even though ESD protection is likely provided (just as it is on a computer's USB port), that's meant to handle only low energy situations (high volt/low amps). These killers are designed to accumulate, then deliver a much greater charge than that.
"National Security is the chief cause of national insecurity." - Celine's First Law