Dark Reading is part of the Informa Tech Division of Informa PLC



5/11/2020
10:00 AM
VP Pai
Commentary

Rule of Thumb: USB Killers Pose Real Threat

They look just like a USB thumb drive, but instead of storing data, they can be used to destroy it and the device the data is saved on.

Authorities are closing in. The double spy needs to destroy the data and bail before authorities get into the room or he’ll be finished. As they get closer, he plugs a small gadget into the computer, which instantly starts zapping and smoking. The spy climbs out the window to his escape.

It's a movie scene most of us have seen in one form or another. Nowadays, almost anyone can destroy a computer with just a simple online purchase.

The weapon? A Universal Serial Bus (USB) Killer. It looks just like a USB thumb drive, but instead of storing data, it can be used to destroy it and the device the data is saved on. The USB Killer does this by sending high-voltage power surges into the device once it's connected.

Makers of USB Killers say they sell them so people or companies interested in testing their devices for protection against such attacks can do so. But that also means anyone with ill intent can just as easily acquire one.

For example, in April 2019 a former student of the College of Saint Rose in upstate New York pled guilty to destroying 59 computers at the college campus using a USB Killer. This little device caused some $50,000 in destruction. According to other sources, he also destroyed seven computer monitors and computer-enhanced podiums.

In addition, according to June 2019 research from Dell and Forrester Research, nearly half of companies surveyed had experienced a hardware-level attack in the 12 months prior. Of these attacks, nearly half were internal incidents and the result of accidental or user error, an attack involving a business partner, an attack within the organization, or a malicious internal threat.

How a USB Killer Works
USB Killers are based on a prototype allegedly designed by a Russian researcher, Dark Purple, with the purported intention to destroy sensitive components on any computer. When a USB Killer is plugged into a USB port, it draws power from the host device's USB power source into its own capacitors until they reach a high voltage. It then discharges the collected voltage, negative 220 volts, onto the USB data pins. It's estimated that currently available USB Killers can generate a voltage of 215 to 220 volts. This damages or destroys the circuitry of the host device.

This collection of high voltage in its capacitors happens rapidly. In addition, the charge/discharge cycle repeats many times per second so long as it remains connected and hasn't destroyed the device to the point it can't charge itself.

As a result of this process, practically any unprotected device is likely to succumb to the high voltage attack. USB sticks have long been used as a delivery mechanism for ill will, including to infect systems with viruses. This is likely because they are simple and cheap to design and acquire. They are also commonly used by unsuspecting people to store and transfer data.

Stopping a USB Killer
Supposedly, creators of the USB specification have addressed the vulnerabilities of a USB Killer with a new software-based cryptographic authentication protocol. This is for USB-C authentication and would help protect against such an attack by preventing unauthorized USB connections. However, there are already claims this protocol can be bypassed.

Device designers do have some options to include more hardware-based circuit protection. (Editor's note: The author's company is one of several providers of circuit protection components.) However, in many cases, designers unfortunately opt to save the extra pennies per device it would cost to do so. Still, extra circuit protection is highly beneficial in key markets — for example, in the medical device market, where a system's uptime can be life or death. In addition, some aircraft electronic systems have USB interface ports, and a person could easily damage the entire passenger infotainment system on a plane and any third-party device that is connected to the same USB line. Industrial or building systems equipment that is susceptible to disgruntled employee backlashes might also be a worthwhile target for extra circuit protection.

System designers can take some immediate steps toward protecting their hardware by disabling unused USB ports or capping them so they’re more difficult to use. Some companies have also attempted to ban external media on internal company systems. One reason: Employees often use USB memory sticks to take a file with them to work on at home. However, if not properly administered, such a ban can also lead employees to upload files to the cloud, which brings about additional security concerns.

From the cost of damage to physical systems to the risk of losing critical data, the threat posed by USB Killers is very real. Don't let your organization become the basis for the next blockbuster movie.


VP Pai is vice president of ProTek Devices. Prior, he worked at Intersil and Harris Semiconductor in various senior management roles. He has been in the semiconductor industry since 1978.
 
