Slashdot Mirror
The 'USB Killer' Has Been Mass Produced -- Available Online For About $50 (arstechnica.com)
New submitter npslider writes: The "USB Killer," a USB stick that fries almost everything that it is plugged into, has been mass produced -- available online for about $50. Ars Technica first wrote about this diabolical device that looks like a fairly humdrum memory stick a year ago. From the report: "The USB Killer is shockingly simple in its operation. As soon as you plug it in, a DC-to-DC converter starts drawing power from the host system and storing electricity in its bank of capacitors (the square-shaped components). When the capacitors reach a potential of -220V, the device dumps all of that electricity into the USB data lines, most likely frying whatever is on the other end. If the host doesn't just roll over and die, the USB stick does the charge-discharge process again and again until it sizzles. Since the USB Killer has gone on sale, it has been used to fry laptops (including an old ThinkPad and a brand new MacBook Pro), an Xbox One, the new Google Pixel phone, and some cars (infotainment units, rather than whole cars... for now). Notably, some devices fare better than others, and there's a range of possible outcomes -- the USB Killer doesn't just nuke everything completely." You can watch a video of EverythingApplePro using the USB Killer to fry a variety of electronic devices. It looks like the only real defense from the USB Killer is physically capping your ports.
I tried it on my laptop, desktop, and phone. And it does not respond. Matter of fact...hm.
I'm gonna have to stop putting random USB sticks in all my devices. :(
There are some issue with the USB spec inrush definition that makes one want to tie fat traces between the power source and the USB port. There are ways of doing this properly, but almost no one wants to pay more than a fraction of a cent on it or become unprofitable/lose out to chinese suppliers, so shit happens.
Of course they have current limited USB switches. The point is this device slowly collects charge over time then drops it onto the data lines instantly. The protection diodes found within the USB host are only designed for ESD-like voltages and currents. They can not handle a high voltage being applied for a long time. They blow then the rest of the USB chipset blows. If you are really lucky, the charge then passes through the USB chipset and blows other ICs in the host.
This is why we can't have nice things.
Like the fact that you can find a USB port in planes, trains, bars, and various other places where you might need to charge up your phone?
Yup, not any more.
It really sucks that some people just like to watch the world burn.
That is basically what a protection diode is - except they do not use zener diodes. They have one diode connected to ground and one to VCC. If the voltage drops below ground, one diode conducts clamping the voltage to ~-0.7v. If the voltage increases beyond VCC, the other diode conducts and clamps the voltage at VCC+0.7v. This is effective when dissipating a small charge that could potentially be at a high voltage - think ESD. But if you have prolonged current the diode will blow and short.
So you have a short (blown diode) but you still have a significant amount of energy to dissipate. This results in a large current that will cause the diode to physically explode or possibly blow a trace. USB data lines typically use very thin traces and can not conduct much power. If a trace goes then USB is screwed but the rest of the computer will probably function correctly. If the diode explodes your protection is gone and the high voltage will now cause all sorts of damage.
One interesting use I can think of is to simply carry one around in case you get arrested by the police.
Supposedly police require a warrant to search your personal papers such as your cell phone, so this shouldn't be much different. If they take the USB drive over to the cruiser and plug it in "just to see" then this will fry their system.
You can even tell the officer not to plug the device in, that it's not a thumb drive, and that there's no information on it.
It would probably work at airports as well.
I really don't see a downside to this.
He isn't draining anything, he's filling it even fuller with Olympic swimming pools worth of sludge. His Treasury Secretary is plucked straight from, drumroll please, Goldman Sachs. After all that time he spent complaining about the (((GLOBALIST ELITE BANKERS))) and whining about Hillary's speech to Goldman.
I'm going to enjoy watching his supporters slowly figure out they fell for a long con, got suckered bigly, and voted in the world's yuuuuugest huckster.
Actually the schematic I'm looking at uses a Littelfuse SP3011 protection circuit for USB 3 which uses a zener diode. It clamps the voltage to ground and the zener and can handle spikes of 40A and +/- 8KV. The nice thing here is that it protects any spikes from being sent to the power supply.
This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
Public charging ports don't have data lines... just power. The device would charge but have no data lines for the discharge.
I don't read your sig. Why are you reading mine?
The problem with a device like this is it is hard to find a substantial legitimate use for it. Given that, they are likely to be targeted for a lawsuit and they are likely to lose that suit.
While it is perfectly ok to sell a device that gets used to commit crimes, you generally have to have a legit reason to be selling it and it can't be something that is totally made up that nobody actually believes. So for example while a crowbar can certainly be used to break in to a house to or attack someone, they are also widely used used to get nails out of things and pry stuck objects apart. As an opposed example a number of companies that sell devices to help you cheat on urine tests have gotten in trouble since their devices had no use other than said cheating.
It is very, very hard to think of a legit use for this and I can't imagine they'll get many legit sales. So it'll probably get them in legal trouble.
I doubt they'd have a hard time stretching it to over something like this. If you have a device who's only purpose is to destroy something and it goes and destroys something, well you are pretty likely to get in trouble for it.
Remember courts aren't operated by overly literal geeks who think if they can find some explanation, no matter how outlandish or unlikely, it'll be accepted. The law bases a lot around what is reasonable, and around intent. So your attempt at being cute won't work, and you'll be off to jail.
It also may very well be illegal just to have, or be made illegal if not. There are devices that are outlawed purely because they have no legit use. Many states ban burglary tools, which can include things like the cracked ceramic piece of a spark plug (the aluminum oxide ceramic breaks tempered glass easily). If they catch you and can prove intent, then you are in trouble just for having them with the intent to use them illegally.
Oh and don't think they have to read your mind or get a confession to prove intent. They usually just have to show that the circumstances surrounding the situation are enough to lead a reasonable person to believe that you were going to commit a crime.
And a post like this, would count for sure.
I can just picture someone plugging one of these into one of those public charging kiosks at an airport. Wanna bet how well the ports are well isolated?
It would likely do nothing at all. It dumps the charge down the data lines, a charging port shouldn't have any data lines. Now, maybe the data lines ARE connected to something (so the TSA can search every phone that gets plugged in, "for your safety"), in that case maybe blowing the data lines would be a good thing overall.
Enigma
I can assure you that peeing on a computer will not necessarily kill it.
Please don't ask me how I came by this information.
You are welcome on my lawn.
He isn't draining anything, he's filling it even fuller with Olympic swimming pools worth of sludge.
Bingo. The Trumpkins have been completely suckered, as you can see from the resumes of those in President-elect Donald Trump’s closest political circle so far:
Treasury secretary nominee Steven Mnuchin: Goldman Sachs.
Chief strategist Steve Bannon: Goldman Sachs.
Transition adviser Anthony Scaramucci: Goldman Sachs.
Commerce secretary nominee Wilbur Ross: Rothschild & Co.
Possible budget director Gary Cohn: Goldman Sachs.
Potential secretary of state Mitt Romney: Bain Capital.
And Trump is just getting started. Check out that “swamp draining!" Take that, Wall Street!
Just cruising through this digital world at 33 1/3 rpm...
He's a racist, lying, idiot sack of shit, but he hasnt murdered a pregnant woman on live television, that we know of, so give him a chance!
This is just another way to vandalize stuff. I owned a far cheaper version of this 30 years ago. Its called a baseball bat. Before that, I had a tack-hammer. My ancestors had a version too, but they called it a "brick". Even earlier versions were called "rocks".
If we're lucky, cities will start passing ordinances to make mere possession of these a crime, since there is no legal purpose for these.
So the lesson here is don't plug in any strange or unknown USB sticks into your devices, and don't let anyone else plug any in either! I really can see no reason for such a destructive device to exist...except for some jackass to leave one some where and hope someone finds it and fries their computer or other devices.
I still can't buy into it. If you REALLY want to disable the USB port, you go inside and cut the leads. If you want to test the USB port for something like resistance to static electricity, then you need to use proper test equipment. Presumably it would be destructive testing and you would want to increase the shocks gradually to determine the safe levels.
According to the description, all this thing does is attempt to do some random damage. I say the story is bogus.
However, I finally did think of a legitimate use for the story. The cops want to find out who would try to buy such a device. Along with his shipping address.
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
Talking to Taiwan sounds smart, if you're an idiot who doesn't have the most basic grasp of the nuanced dynamics at play. He'll do all the things people like you will think is bold, smart, independent, whatever - and predictable reactions from China will happen, just somewhat small but meaningful consequences. And people will keep wondering why they have to live in a world the way it is, not the way they think it should be. Much like the adage that there's no such thing as a stupid question, it sounds like a cool move emotionally, but in reality, leaders need to know how to tread.
"Old man yells at systemd"
Chinese suppliers? Chinese supplies don't want to lose out to Chinese suppliers. Has nothing to do with where it's being made ya dunce.
"Old man yells at systemd"
'I'd argue that the device would be far more destructive if it pumped -12v instead of -240v since it would be able to output a lot more current.'
IANAEE, but as I understand it: high current can cause heat damage and possibly fires, but high voltage can jump lines and cause failure in more than just the circuit it was introduced to.
Both are potentially (no pun intended) very bad. But a high voltage spike will cause much more widespread damage in a very short span. This is why we treat static electricity (high voltage, low current) with such respect around electronics.
Actually the schematic I'm looking at uses a Littelfuse SP3011 protection circuit for USB 3 which uses a zener diode. It clamps the voltage to ground and the zener and can handle spikes of 40A and +/- 8KV. The nice thing here is that it protects any spikes from being sent to the power supply.
Yes, the datasheet wonderfully specifies the standard it is designed to. But you forgot something key in your specification, the time base. For anything longer than a couple of nano seconds it's current capacity drops down to about 3A. Great if you're rubbing your feet on the carpet and then touching your USB port once or twice, not so great if you have a circuit actively pulsing repeatedly a couple of hundred volts at high current over and over again until things go pop.
Protection systems in all classical cases are designed to dissipate energy. As a classic clue if you see anything that quotes IEC61000-4.x then expect it to go bang when met with this device as it is a completely different design case.
Time for someone to make and sell a 'USB Killer Killer'
Upon detecting that a USB killer has been inserted the USB Killer Killer quietly disconnects its protected USB link to the PC's USB port.
It then flashes a rotating red LED, sounds a warning siren and declares thermonuclear war on the unsuspecting USB killer by way of its 1.21kV capacitor bank, which interestingly happens to be around the size of an overweight adult hedgehog.
Unexpectedly the USB killers plastic casing instantly explodes and showers the user in molten hot plastic and metal shrapnel.
Hm.. i should probably rethink this idea.
Actually no, if you're stupid enough to use a USB killer this is what you get.
"Public charging ports don't have data lines"
Your claim (and that of other's, below) is simply wrong.
Because, any USB charger expected to work with a wide range of devices does in fact have connections to the USB data pins. If they are unconnected, a USB device can draw no more "one unit load" (0.1 A) from the port. If the data lines are actively used, a device can negotiate to 500 mA. Using the USB charging spec, the data pins are shorted together or with a 200 ohm resistor (depends on the version of the spec), and a device it can draw up to 1.5 A. But that's still unlikely to cause problems with other ports.
What is a concern is that there are lots of proprietary extensions beyond the USB spec. Apple and Qualcomm are two big players in that regard, using the data lines to signal the availability of current and/or voltages more that the USB spec itself allows. Modern "universal" charging ports actively use the USB data lines to identify the device type and then negotiate available power. These types of ports are becoming more common everyday.
Even if ports are sufficiently isolated so that one of these "killers" couldn't effect other ports, it's possible that they could damage the port they're plugged into, potentially causing it to deliver voltage damaging to other devices. Even though ESD protection is likely provided (just as it is on a computer's USB port), that's meant to handle only low energy situations (high volt/low amps). These killers are designed to accumulate, then deliver a much greater charge than that.
"National Security is the chief cause of national insecurity." - Celine's First Law
"a charging port shouldn't have any data lines"
You're wrong. A useful USB charging port _must_ have connections to the data lines (see my post, above).
"National Security is the chief cause of national insecurity." - Celine's First Law
I'm all for things that go boom. I love weird, clever little gadgets. I admire a clever and subtle subversion of a system, even when I don't condone its use.
But geez; this thing is not exactly elegant. It uses a fairly basic circuit to exploit the completely unsurprising fact that the interface isn't designed to handle high voltages.
I'm with you on this one. All someone did was say "Gee, capacitors can hold large charge and dissipate it quickly so it will destroy a circuit whose design spec doesn't call for handling large voltages" and build a small device to do so. BFD. I can build a 120 or 210 power cord with a usb connector, plug it in a to the wall and a usb port; POW sparks fly as well. The "the interface and machines should have been deigned to prevent such an event" is ridiculous since no one expects someone to design a device to deliberate damage the port; and if you did try to do so why stop there? A screwdriver can also physically damage it so doe step spec require it to withstand such an attack? How about if I put my machine in a microwave? Or do we design it in such a way that it performs as intended and the expectation is it will be used in a reasonable manner?
Some people will no doubt think it's funny to use one on unsuspecting victims and when caught say "It's just a joke" and / or "The machine should have been designed not to let that happen;" and be surprised when they are hauled into court. Oh well, you can fix a fried device but you can't fix stupid.
I'm a consultant - I convert gibberish into cash-flow.
The answer to the problem is we need to remove Stupidity from State. there should be mandatory IQ testing for NOT ONLY voting but ALSO FOR the politician themself..
Just like when you plug 2 power strips into a loop- free power forever!
But if you have prolonged current the diode will blow and short.
Fuse/diode combo on the data lines. Blow the fuse (resettable polyfuses for convenience).
I see a market for 'USB condoms' that provide this function for people who need to plug in unknown USB devices. Also a mode to block the data lines when you think you are plugging into a USB charger that has an embedded data sniffer built in.
Have gnu, will travel.
There used to be a series of videos on Youtube (taken down for some mysterious reason) of a guy who would smash and destroy all kinds of electronics, and in one video he tried to destroy a CRT style color TV (2000s vintage) by dumping a whole bottle of soda directly on the (live and turned on) circutry. Not only did the set NOT blow up or shoot sparks, it kept operating, with only the picture starting to gradually shrink verticaly! Not that I recommend doing this as I am sure the puddle was probaly electricaly live and carrying a lethal voltage but these videoes showed just how hard it is to damage electronics to the point of getting any kind of effect that is remotely like you see in Hollywood movies. The videos were done by a man who would talk very surly, kind of grade school like, and he usualy did his destructive deeds in his tool shed which was covered with heavy quilts and carpeting on the inside. He also appeared to be very religious and his videos often had text along the lines of "repent now and be saved!" A couple years ago, he abruptly closed his account and pulled all of his videos off of Youtube. Strange man, but I always enjoyed his videos.
Since they require the 5V power from a host to generate the high voltage and all...
Remember "News for Nerds, Stuff that Matters"? Help make it a reality again! http://soylentnews.org
Accusing a federal judge of being unable to discharge his duties because he's Hispanic, and a member of the Hispanic Bar Association (one of hundreds of such affinity lawyers groups), manifestly is racist, as even Republican Speaker of the House Paul Ryan was forced to admit.
Insofar as Islam, it is a sprawling religion consisting of 2.2 billion adherents, with many sub-ideologies. If you yourself have not apologized for the "Klan" (who call themselves Christian and "light" crosses as emblems of their WASP faith), then any broad brush attack on Muslims over the actions of al-Qaeda and al-Qaeda of Iraq (a.k.a. ISIS) is pure bigotry.
Bashing illegal immigration, while conspicuously being entirely unconcerned that Trump's own wife Melaina was clearly an illegal immigrant, is again not only a sign of hypocrisy, but one of racism. Because there is no legal difference between the two situations. Merely a skin color one.
The reason why people continue to call Trump racist is because he is. The reason why people call his supporters racist, is because there is hard evidence of racist attitudes taken from surveys of them.
The idea that a racist is going to suddenly vote for the party who opposes racism, instead of the Republican party that it has been proven benefits from it, if only people wouldn't point out their racism, is absurd.
Is that enough research for you?
God forbid Trump do something to piss off China! Like accusing them of raping America, of rampant economic cheating, government-funded hacking and espionage, or vowing to "renegotiate" economic agreements with them. He was doing real good with China until that phone call!
I see a market for 'USB condoms' that provide this function for people who need to plug in unknown USB devices.
Always practice safe hex.