VP Pai

Rule of Thumb: USB Killers Pose Real Threat

They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.

Authorities are closing in. The double spy needs to destroy the data and bail before authorities get into the room or he’ll be finished. As they get closer, he plugs a small gadget into the computer, which instantly starts zapping and smoking. The spy climbs out the window to his escape.

It's a movie scene most of us have seen in one form or another. Nowadays, almost anyone can destroy a computer with just a simple online purchase.

The weapon? A Universal Serial Bus (USB) Killer. It looks just like a USB thumb drive, but instead of storing data, it can be used to destroy it and the device the data is saved on. The USB Killer does this by sending high-voltage power surges into the device once it's connected.

Makers of USB Killers say they sell them so people or companies interested in testing their devices for protection against such attacks can do so. But that also means anyone with ill intent can just as easily acquire one.

For example, in April 2019 a former student of the College of Saint Rose in upstate New York pled guilty to destroying 59 computers on the college campus using a USB Killer. This little device caused some $50,000 in destruction. According to other sources, he also destroyed seven computer monitors and computer-enhanced podiums.

In addition, according to June 2019 research from Dell and Forrester Research, nearly half of companies surveyed had experienced a hardware-level attack in the 12 months prior. Of these attacks, nearly half were internal incidents and the result of accidental or user error, an attack involving a business partner, an attack within the organization, or a malicious internal threat.

How a USB Killer Works
USB Killers are based on a prototype allegedly designed by a Russian researcher, Dark Purple, with the purported intention to destroy sensitive components on any computer. When a USB Killer device is plugged into a USB port, it draws power from the host device's USB power source into its own capacitors. It does so until it reaches a high voltage. It then discharges the collected high voltage, negative 220 volts, onto the USB data pins. It's estimated that currently available USB Killers can generate a voltage of 215 to 220 volts. This damages or destroys the circuitry of the host device.

The capacitors charge to this high voltage rapidly. In addition, the charge/discharge cycle repeats many times per second for as long as the USB Killer remains connected and the host has not been damaged to the point that the USB Killer can no longer charge itself.

As a result of this process, practically any unprotected device is likely to succumb to the high-voltage attack. USB sticks have long been used as a delivery mechanism for ill will, including to infect systems with viruses. This is likely because they are simple and cheap to design and acquire. They are also commonly used by unsuspecting people to store and transfer data.

Stopping a USB Killer
Supposedly, creators of the USB specification have addressed the vulnerabilities of a USB Killer with a new software-based cryptographic authentication protocol. This is for USB-C authentication and would help protect against such an attack by preventing unauthorized USB connections. However, there are already claims this protocol can be bypassed.

Device designers do have some options to include more hardware-based circuit protection. (Editor's note: The author's company is one of several providers of circuit protection components.) However, in many cases, designers unfortunately opt to save the extra pennies per device it would cost to do so. Still, extra circuit protection is highly beneficial in key markets — for example, in the medical device market, where a system's uptime can be life or death. In addition, some aircraft electronic systems have USB interface ports, and a person could easily damage the entire passenger infotainment system on a plane and any third-party device that is connected to the same USB line. Industrial or building systems equipment that is susceptible to disgruntled employee backlashes might also be a worthwhile target for extra circuit protection.

System designers can take some immediate steps to protect their hardware by disabling unused USB ports or capping them so they’re more difficult to use. Some companies have also attempted to ban external media from internal company systems. One reason: Employees often use USB memory sticks to take a file with them to work on at home. However, if not properly administered, such a ban can also lead employees to upload files to the cloud, which brings about additional security concerns.

From the cost of damage to physical systems to the risk of losing critical data, the threat posed by USB Killers is very real. Don't let your organization become the basis for the next blockbuster movie.


VP Pai is vice president of ProTek Devices. Previously, he worked at Intersil and Harris Semiconductor in various senior management roles. He has been in the semiconductor industry since 1978.
