The USB Killer is a commercially available USB stick that can fry almost any computer in seconds by rapidly collecting power from the USB power lines and then repeatedly discharging 240V into the host device until it dies. The whole process only takes a few seconds.
USB sticks have long been used infect unsuspecting users’ computers with all kinds of malware and spyware, but last year, a Russian hacker by the name of Dark Purple showed the entire world a new way USB drives can be used to effectively destroy virtually any PC or laptop equipped with a USB port. When it was first revealed, last year, the “USB Killer” was described as a proof of concept aimed at security researchers and folks who work on USB standards, to help them make devices immune to high voltage attacks. A few days ago, however, the USB Killer became a commercially available product that anyone can order online for just $56.
The USB Killer looks as harmless as any other pen drive, but it’s actually lethal for around 95% of consumer laptops and PCs. It is equipped with small capacitors that draw power from the USB power source to which it is connected, and when they are completely charged – it can take less than a second – the stick discharges over 200 volts of DC power to the host device multiple times per seconds until the machine is fried or the USB Killer is unplugged.
Photo: USB Killer
“In our tests, over 95 percent of devices are affected by a USB power surge attack. Almost all consumer-level hardware fails when tested against the USB Kill,” the makers of the device state in a recent promotional video. “The most frequent outcome is the complete destruction of the device (laptops, tv, telephones, etc). Almost all consumer-level hardware fails when tested against the USB Kill.” Apparently, the only products against which the tiny USB stick is not effective against are those made by Apple, “the only company to [protect its hardware] voluntarily.”
Although Dark Purple is credited for creating the USB Killer prototype last year, it is unclear if he is still involved in the project. The official site of the product doesn’t mention the name of the company behind it, but according to a press release, it is based in Hong Kong. Mashable tried to get in touch with the makers of the USB Killer and learned that it is an “‘independent Hong-Kong-based company’ that specializes in security and audit hardware.”
Photo: USB Killer
USB Killer acknowledges the product’s potential for abuse, now that it is a publicly available commodity, but claim that it is actually meant to raise awareness about the dangers of high voltage attacks and force companies to change the design of their devices. “This vulnerability has been in the wild for years: education of both fronts, consumer and manufacturer, is necessary,” a spokesperson said.
The company admits that anyone with bad intentions can use the USB Killer to destroy private property, but emphasize that they are responsible for their actions. “A hammer used maliciously can permanently damage to [sic] a third party’s device. The USB Killer, used maliciously, can permanently damage a third party’s device,” their FAQ section states.
So are then any ways to protect yourself against USB Killer attacks? The company also sells a Test Shield that attaches to the dangerous stick and makes it safe to insert in a USB port, and there are so-called “USB condoms” that disable access to the data lines within a USB port while still allowing charging – although someone can just take them out before inserting the USB Killer – but probably the only truly effective solution right now is vigilance. Don’t leave your machine unattended and don’t plug unknown hardware into it. Hopefully, this dangerous device will actually force companies to implement protective technologies into their products in the near future.
I hope they at least label it as dangerous, “not a storage unit” or something like that or people might just start destroying computers by accident. Imagine leavin the USB Killer on your desks and a curious friend or family member trying to see what’s on it. Ouch!
via Hot Hardware