USB Killer
A USB Killer is a device that looks similar to a USB thumb drive that sends high-voltage power surges into the device it is connected to, which can damage hardware components. Its manufacturers claim the device has been designed to test components for protection from power surges and electrostatic discharge; however, there have been several instances of malicious use, and the device is not used for device testing by any major company. The device is often mentioned in articles warning readers against plugging in unknown USB drives.[1][2][3]
A USB killer device. |
Mechanism
The device collects power from the USB power source of the component it is connected to in its capacitors until it reaches a high voltage and then it discharges the high voltage onto the data pins.[2] Versions 2, 3 and 4 of the device may generate a voltage of 215 to 220 volts.[4]
This device has been compared to the Etherkiller,[5] a family of cables that feed mains electricity into low-voltage sockets such as RJ45.[4]
Models
There are different models of the device, the latest being USB Killer v5.0. Earlier generations, including USB Killer v2, were developed by a Russian computer researcher with the alias Dark Purple.[3][4]
Similar homemade devices have been constructed from USB air ionisers[6] and camera flash parts,[7] both of which already feature high-voltage circuitry. A more recent version uses the piezo inverter transformer from a CCFL driver with a simple two transistor resonant Royer oscillator, one shot timer and a spark gap as a lightweight way to generate an 1800V sharp pulse more closely simulating a low power electrostatic discharge for mitigation and circuit testing purposes. [8] The prototype has a countdown timer and ascending bleep warning to reduce the chances of accidental or malicious use.
Potential defenses
One author believes that the new cryptographic authentication protocol for USB-C authentication announced by the USB Implementers Forum would help to protect against this device by preventing unauthorized USB connections from being made, although some manufacturers now claim that they can bypass this protocol.[9] Some developers of the device believe that an optocoupler can protect against the device but from later testing even applying a short risetime high voltage pulse to the case can damage some sensitive systems. [1]
College of St Rose Incident
In April 2019, a 27-year-old Indian former student of the College of Saint Rose, Vishwanath Akuthota, pleaded guilty to destroying 59 Windows computers and 7 iMac computers[10] in his college using a USB killer, resulting in over $50,000 in damages.[11][12] He also destroyed seven computer monitors and computer-enhanced podiums.[11] He was sentenced to 12 months in prison, followed by a year of supervised release for doing so, in August 2019. He was also ordered to pay $58,471 as restitution charge.[11]
References
- Armasu, Lucian (2017-08-12). "'USB Killer 2.0' Shows That Most USB-Enabled Devices Are Vulnerable To Power Surge Attacks". "tomshardware.com".
- "USB Killer: A device that can destroy a PC in seconds". DECCAN CHRONICLE. 2017-08-12.
- Bolton, Doug (2017-08-12). "Russian computer researcher creates a USB killer thumb drive that will fry your computer in seconds". "independent.co.uk".
- "The USB Killer, Version 2.0". Hackaday. 10 October 2015.
- "The Etherkiller". Retrieved 3 October 2018.
It all started one day with this guy, the original Etherkiller, developed with a few misc parts to warn new users that the IT department is not to be messed with. You too can make one at home, connect the transmit pins of the RJ-45 to HOT on 110VAC and the receive pins to Common.
- Tomas C (27 June 2018). "This $3 DIY USB Device Will Kill Your Computer – Hacker Noon". Hacker Noon. Retrieved 2 October 2018.
- Buis, Juan (9 November 2016). "This terrifying homemade USB killer will instantly kill your computer". The Next Web.
- "Rosen Type Piezoelectric Transformers | Products & Suppliers | Engineering360". www.globalspec.com. Retrieved 2020-12-03.
- Anthony, Sebastian. "USB Killer now lets you fry most Lightning and USB-C devices for $55". Ars Technica.
- "Vishwanath Akuthota". Scribd. Retrieved 2020-12-03.
- "Indian Student in US Sentenced to 1-Year in Prison for Damaging University Computers". NDTV Gadgets 360. 14 August 2019. Retrieved 16 April 2019.
- "Former Student Pleads Guilty to Destroying Computers at The College of St. Rose". www.justice.gov. 2019-04-16. Retrieved 2020-12-03.