USB Kill: Yet One More Item to be Concerned With
There are constantly new attacks on various pieces of equipment, both consumer and commercial. With so many vulnerabilities and such a large attack surface, attacks will increase both in number and in variety. Some attackers see this as a viable route to their 15 minutes of fame. Others seek knowledge and look for vulnerabilities simply because they are present; their intent is not malicious, but the product of a curious mind.
Currently, a researcher has engineered and created Version 2.0 of a tool used to attack any piece of equipment that has a USB port. It has been tested against the PlayStation 4, Xbox One S, and iPhone 7. These devices, along with certain automobiles, failed the test, with results varying in severity. The tool is a simple USB drive that has been modified with additional capacitors and other components. It is not distinguishable from other USB drives.
Such a small piece of equipment can be immensely destructive. Clearly it has been modified and does not operate like any other USB drive. Version 2.0 operates much like Version 1.0: it collects energy and, once the capacitors are fully charged, discharges it all at once. This delivers 220-240 volts in one shot through the USB port. The device does this repeatedly until the USB drive fails or the equipment fails. Version 1.0 delivered an estimated 110 volts. The discharge makes the target device inoperable and, in certain instances, causes it to catch fire. One device that was tested was damaged but did not fail: the Samsung Galaxy Note 7.
The attack generally causes a significant amount of damage to the equipment. In the average case, the user would need to replace the PCH (USB controller), power regulator, and supporting components. The motherboard may also need to be checked for issues. With newer systems, possibly only the PCH would need to be replaced.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.