Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
Hardware IT

The USB Kill Stick, Priced at $56, Is Designed To Destroy Laptops, PCs, TVs (zdnet.com) 308

There's a new USB Kill device in the market today which can destroy any device it touches. ZDNet reports: For just a few bucks, you can pick up a USB stick that destroys almost anything that it's plugged into. Laptops, PCs, televisions, photo booths -- you name it. Once a proof-of-concept, the pocket-sized USB stick now fits in any security tester's repertoire of tools and hacks, says the Hong Kong-based company that developed it. It works like this: when the USB Kill stick is plugged in, it rapidly charges its capacitors from the USB power supply, and then discharges -- all in a matter of seconds. On unprotected equipment, the device's makers say it will "instantly and permanently disable unprotected hardware." You might be forgiven for thinking, "Well, why exactly?" The lesson here is simple enough. If a device has an exposed USB port -- such as a copy machine or even an airline entertainment system -- it can be used and abused, not just by a hacker or malicious actor, but also electrical attacks.
This discussion has been archived. No new comments can be posted.

The USB Kill Stick, Priced at $56, Is Designed To Destroy Laptops, PCs, TVs

Comments Filter:
  • So? (Score:5, Insightful)

    by Hizonner ( 38491 ) on Friday September 09, 2016 @04:38PM (#52858133)

    Whoopee. I can hit it with a hammer for free, or plug it into the power line for a couple of bucks.

    • Re:So? (Score:5, Funny)

      by 110010001000 ( 697113 ) on Friday September 09, 2016 @04:41PM (#52858179) Homepage Journal
      Argh, I was going to sell them my hammer for $55! Stop undercutting my price!
    • Re:So? (Score:5, Insightful)

      by Spy Handler ( 822350 ) on Friday September 09, 2016 @04:52PM (#52858293) Homepage Journal

      If you put a hammer inside a box marked "Newegg" and send it to someone, upon opening the box he will most like *not* use it to destroy his computer.

      But if you do the same thing with a USB stick zapper, there's a pretty good chance that he will stick it in his computer and end up with a fried computer.

    • Re:So? (Score:5, Funny)

      by Anonymous Coward on Friday September 09, 2016 @04:54PM (#52858309)

      It would be a terrible shame if law enforcement personnel were to illegally confiscate and subsequently attempt to read the contents of USB devices which immediately destroyed whatever they were plugged into. It really would be a shame. -PCP

      • So you will get arrested for impeding an investigation. Also for damaging police property. Having property in attempt to do harm...

        So you get to go to jail for real crimes vs being able to defend yourself for a crime you are inocent of.

        • Re: (Score:2, Insightful)

          by Anonymous Coward

          I'm sure if you explain to the police not to take your stuff and plug it in because it would destroy their equipment, they'd still plug it in anyway and have no one to blame but themselves, legally.

          But of course that doesn't stop them from just killing you in retaliation. They know they can get away with murder. In fact they're apparently rewarded for it with big chunks of paid time off, and no criminal charges.

        • Re:So? (Score:5, Interesting)

          by WolfgangVL ( 3494585 ) on Friday September 09, 2016 @06:32PM (#52859023)

          Wait, full stop. Your saying when my shit is confiscated and used against my wishes in an un-intended application by an uninformed outside operator (read: not me) I am somehow liable when this not me person uses it wrong and asses up his own gear? What about my right to remain silent? What if its labeled PERSONAL?

          What if I straight up TELL the border control agent -
          "This thumbdrive is dangerous and will kill his computer, do not attempt to view the contents?"

          This is a real honest question. No snark.

          I love the idea of a nasty little red herring hiding in my personal private papers and effects.

          • Re:So? (Score:4, Interesting)

            by AmiMoJo ( 196126 ) <<mojo> <at> <world3.net>> on Saturday September 10, 2016 @02:05AM (#52860911) Homepage Journal

            I've been thinking about ways to make a self destructing USB flash drive for a while. Law enforcement always uses a dongle to block writes to the drive while they make a forensic image. Seems like you could program the drive controller to detect that (say more than 1MB read with no writes after power up, normally Windows will try to update the last access date) and self erase.

    • by EvilSS ( 557649 )
      I dunno, have you seen the prices of hammers lately?
    • Re:So? (Score:5, Interesting)

      by Hotawa Hawk-eye ( 976755 ) on Friday September 09, 2016 @05:44PM (#52858733)
      Picture what would happen if on Election Day someone were to plug one of these into an electronic voting machine on which the election officials had accidentally left the USB port exposed. Fry the machine, quickly pocket the stick, call election officials over (or just walk away) and you've slowed voting at that polling place by reducing the number of machines, potentially forcing them to switch to paper ballots. Election officials might question why you're carrying a hammer with you into the voting booth; they're unlikely to ask you to turn out your pockets so they can inspect any USB drives you may be carrying, and a USB drive is easier to hide than a hammer.
      • slot machines with usb changing ports seems like a like some may want to destroy after losing big. I do hope they have there own power source.

        • slot machines with usb changing ports seems like a like some may want to destroy after losing big. I do hope they have there own power source.

          Because vandalizing a slot machine worth enough money to make it a significant felony in one of the most surveiled places in the world where it will be immediately obvious is a great idea.

    • Re:So? (Score:5, Informative)

      by phantomfive ( 622387 ) on Friday September 09, 2016 @05:55PM (#52858795) Journal
      The Ethernet Killer [fiftythree.org] is probably worth mentioning, too.
    • by jellomizer ( 103300 ) on Friday September 09, 2016 @06:00PM (#52858825)

      Because there is always some asshole who feels the need to break stuff.
      These public USB Power ports were set up as a convenience for the public and the customers, so that Doctor can have his phone charged so he doesn't miss that life saving call. They are giving us free energy to power our mobile devices. The TVs to entertain us, while we are stuck waiting. But no there has to be some jerk who needs to find a way to break it. We can't have an infrastructure for new technology now, just because it can be broke.

      Now this device is just for bad people to do bad things, there is no good in it. It isn't even good enough for properly destroying technology as for the most part it will probably just damage the USB interface card and not reliably break the rest of the system.

      • by gTsiros ( 205624 )

        welcome to greece and other underdeveloped (mentally and socially) countries, where you can't have any conveniences because there are too many assholes that break stuff just because it's there (wouldn't that make them psychotics? There must be a DSM-V designation for people who have a habit to damage public property.) and too few people who are willing to step up to them.

    • by Kohath ( 38547 )

      Give it to Customs Enforcement when they demand access to your data. Or include it in the box when your records are subpoenaed.

  • I can see a lot of wasted costs if this *cough *cough "product" ever catches on. Working all my life at device manufacturers this is one I'd like to put back in the bottle.
    • There is a solution here, electrical protection on the USB port that should have been there from the start. I'm not an EE so maybe this is actually a hard problem but it would seem to be easier to put a breaker or fuse on the the thing that would protect over-voltage from coming into the circuit boards.

      • by tomkost ( 944194 )
        USB and most other ports already have some ESD/current protection. Without knowing the details of the device hard to say if current standards are enough protection. Someone else pointed out that a bad actor could just as easily hit the device with a hammer if they want to break it, so hard to say if anyone will really need to do anything about it.
        • USB and most other ports already have some ESD/current protection. Without knowing the details of the device hard to say if current standards are enough protection. Someone else pointed out that a bad actor could just as easily hit the device with a hammer if they want to break it, so hard to say if anyone will really need to do anything about it.

          Surreptitiously hitting something with a hammer is a lot harder than sneaking something onto a USB port.

        • Without knowing the details of the device hard to say if current standards are enough protection

          Enough protection for what? The USB standard provides basic requirements to ensure compatibility between the devices and with a standard use case. e.g. Requirements around voltages and currents into and out of the socket. The design of the plug and socket includes a grounded outer shell to prevent static discharge from the body hitting the datalines when touched. There's a whole chapter in the standard on current limiting, and most reference implementations of USB controllers now provide polyfuses as downst

      • by harrkev ( 623093 ) <kfmsd@@@harrelsonfamily...org> on Friday September 09, 2016 @06:21PM (#52858961) Homepage

        As an EE, I have some experience with this. I really do digital logic chip design, and leave the design of the IO pins to the analog guys (and I am NOT an analog guy)...

        However, pins are designed to dissipate excess charge using the "human body model." [wikipedia.org] The specification is charging a small capacitor to a few thousand volts and dissipating that into a pin. Since the capacitance is small, the total amperage is very small. There are zener diodes [wikipedia.org] built into IO pads that can handle this small amount of current. An ESD event will only last for the barest fraction of a second. Now, if you actually intentionally put too much voltage across pins for a prolonged period of time, I can easily imagine those zener diodes dying. Once that happens, the voltage will start to play merry hell with the logic.

        I also did some government (military) work a decade ago. With those systems, you generally hardened them against EMP pulses (don't want a nuke taking down your electronics), so we used something called "transorbs." [wikipedia.org]. Basically, these are big, beefy external zener diodes that can clamp this type of event. HOWEVER, from what I recall, those diodes put too much capacitance on the line, which would do very bad things to high-speed data lines, such as the ones found in USB data lines. Transorbs are great for things like low-speed serial port lines (which explains standards like MIL-STD-1553 [wikipedia.org]. I do not know if transorbs have improved much (not done that sort of thing for 10 years), but these are the types of problems you have to face when dealing with something like this -- the devices needed to protect your USB ports might just make your USB ports unusable.

      • This is a high-voltage spike that fries semiconductor junctions. A fuse isn't going to do a thing. If you want to give the port a fighting chance of surviving, what you want is a clipper. I don't know what voltage and frequency you're looking at for USB2. It wouldn't cost a great deal, it's just that there's never been a call for it.

  • by Hognoxious ( 631665 ) on Friday September 09, 2016 @04:40PM (#52858159) Homepage Journal

    If you have physical access to the device, you can beat the fucking shit out of it with a rock.

    • by MobyDisk ( 75490 )

      Yes, but this only requires physical access to another person who has physical access.

      As a kid, I always joked about making a "deaths head disk" which would be a floppy disk that would go up in smoke. You would put 1/2 of a flammable chemical combination on the inner rings of the spinning disk, and the other 1/2 on the outside rings. When the drive spins the disk, the chemicals mix, producing *boom*.

    • Sometimes you don't have physical access to a device but physical access to a person that does. Label this "Vegas Photos" and drop it in a parking lot.

  • How is this different from any other form of vandalism? I'm guessing an exposed earphone jack on an airplane's entertainment console can also be used to harm the device. Saying this is an example of insecurity is like saying that a door being flammable is an example of a door being insecure.

    • by Obfuscant ( 592200 ) on Friday September 09, 2016 @04:54PM (#52858317)

      How is this different from any other form of vandalism?

      It's not. It's not "security testing", it's not something an honest "security tester" will have in his "toolbox". It's vandalism and destructive behaviour pretending to be respectable activity.

      How DARE anyone expose a USB port where something can be plugged in for some legitimate purpose? Those money grubbing airlines who are putting USB charging ports on their seat-back systems so you can power your mobile device while on a four hour flight -- how DARE they! And those charging ports that are starting to show up in the waiting areas for those flights? They deserve to be taught a lesson. Kill anything with a USB port on it. It's "security testing" to see if they can survive. Who cares if the service they were providing goes away?

      "Because I can" is not an excuse for destroying other people's property. "TV-B-Gone" is an annoyance; destroying someone's $1000 laptop because they fell asleep next to you on the airplane while it was running and it happened to have an open USB port is pathetic. There is no legitimate purpose for this thing. If you need ESD testing for your own hardware designs, use the appropriate tool. ESD testing other people's stuff is, and should be, criminal.

  • by grilled-cheese ( 889107 ) on Friday September 09, 2016 @04:44PM (#52858205)
    Is it evil if I were to buy several of these, scratch the warning off, and leave them around the building/parking lot after a computer security meeting just to see who plugs it in first?
  • Electronic pulse igniters could be bought for a lot less. And they do just the same to your electronics, though they are not as handy as this new gadget.
  • I had a very similar idea years and years ago, but for electrical outlets on sensitive power circuits.

    wallwart sized device charges up many megavolts in a resonant coil, then discharges it back into the mains.

    the breaker will blow from the backfed voltage, but all the expensive devices attached will be smoked.

    given how often proper building wiring is real consideraton over cost (sarcasm), and how useful a major, system wide disruption of this nature can be for interntional terrorism/counter intelligence, I

    • In my own testing, you only need to bridge the prongs together directly and any breaker on the circuit will overheat in a minute or so and trip.
      • a blown breaker is easily fixed, and causes only a few mins of system downtime.

        smoked PSU voltage regulation circuits take a little longer.

        hollywood style:

        you want to keep edward snowden from boarding his flight. you plug in on the complimentary power recepticle, 30 secs later, the airport terminal is down, and cannot process boarding passes. he canno board at another terminal, because the whole system on the user-end is down.

        • you want to keep edward snowden from boarding his flight. you plug in on the complimentary power recepticle, 30 secs later, the airport terminal is down,

          You think smoking a complimentary USB charging port is going to shut down an airport terminal? You're on drugs.

          Oh, but if you put it into the charging port on the airplane and smoke the seatback display! That will surely disable the aircraft, right? Sorry, that aircraft will be fine, it will just have another non-working seatback display that will eventually get replaced.

          There is no justification for this device. None at all. It is intended only to destroy other people's property.

          • you dont plug a wallwart into a usb port, idiot. troll elsewhere.

            • you dont plug a wallwart into a usb port, idiot. troll elsewhere.

              And plugging your "many megavolt" wallwart into a complimentary charging outlet isn't going to shut down an airport terminal, either, moron. It will blow the breaker in the charging station at worst, destroy stuff other people have plugged into the same charging station maybe. But shut down the terminal? You're on drugs. Or you are a troll.

          • you want to keep edward snowden from boarding his flight. you plug in on the complimentary power recepticle, 30 secs later, the airport terminal is down,

            You think smoking a complimentary USB charging port is going to shut down an airport terminal? You're on drugs.

            Oh, but if you put it into the charging port on the airplane and smoke the seatback display! That will surely disable the aircraft, right? Sorry, that aircraft will be fine, it will just have another non-working seatback display that will eventually get replaced.

            Smoke in the cabin. Smell of electrical fire. What do you think the airline is going to do?

            • Smoke in the cabin.

              From what, a "smoked" seatback display? The term "smoked" doesn't mean "emits vast quantities of smoke", it means "broken". I've "smoked" lots of electrical bits, and except for a few cases none of them have emitted smoke. That's especially true when I've "smoked" a cute little IC by putting too much voltage on it. The last one was a precious little Nano that started drawing about 200 times the current it should have. Had it been properly fused, the fuse would have blown and I'd be wondering why it wasn't

    • wallwart sized device charges up many megavolts in a resonant coil, then discharges it back into the mains.

      If you could design insulation that would allow a wallwart sized device to develop many megavolts internally without frying itself, you could make a fortune and wouldn't need to destroy other people's property.

      the breaker will blow from the backfed voltage,

      Breakers blow from current, not voltage. You can't generate a million volts with sufficient current to feed back into a wiring panel from the same line you take the current, at least not without a huge storage capacity and a long time to fill it. Wallwart sized? Hardly. What you might be able to do i

      • having many rooms on a single power drop from the breaker, jackass. you can cripple many systems by exploiting cheap assedness in planning of the power infrastructure. wont work on a proper data center, but will easily kill whole cube farms for days.

        insulation of that kind is easy. sealed glass vial filled with sufur hexafluoride gas.

        megavolt voltages are easily obtained with 19th century wiring designs. we have much better conductors and material now. they make supercaps that can handle that kind of load,

        • having many rooms on a single power drop from the breaker, jackass.

          Speak in complete sentences so you might have a chance of making some kind of sense, please. So what about having multiple outlets on one breaker?

          you can cripple many systems by exploiting cheap assedness in planning of the power infrastructure.

          So your idea of "proper building wiring" is a home run for every outlet to individual breakers? But even that's not enough, since breakers are connected to the same circuit on the back end. Putting "many megavolts" into one breaker on one circuit will feed that voltage out the others on the same circuit. So you must think that a single phase for each breaker and o

          • apowercap just came to mind. if you want small, high voltage caps, try tdk.

            http://www.digikey.com/en/prod... [digikey.com]

            also, again, glass vial enclosure full of sulfur hexafluride. it does not conduct electricity, a least not in the ranges being discussed.
            https://en.wikipedia.org/wiki/... [wikipedia.org]

            • apowercap just came to mind. if you want small, high voltage caps, try tdk.

              50kV is closer, but still at least 1/400th the "many megavolts" you want to create. And they're 10,000pF or below.

              also, again, glass vial enclosure full of sulfur hexafluride.

              I refer you to this [dtic.mil] report from the Air Force Materials Laboratory, specifically page 12, which shows a DC breakdown voltage of just over 200kV for a 2" gap in SF6. It's hard to have a 2" gap in a wallwart that isn't much bigger than that. That's one fifth of a megavolt; much less than your "many megavolts". And, as someone else pointed out, you have to get these megavolts out of the wallwart,

    • the breaker will blow from the backfed voltage, but all the expensive devices attached will be smoked.

      With a device as small as a wallwart, the breaker will almost certainly NOT blow, unless your "many megavolts" pulse is long enough and of a low enough impedance that it breaks through the insulation and causes and ionized channel between Hot and Neutral or Ground. And it's likely only *some* of the devices attached that will be smoked.

      • wallwarts can be surprisingly large.

        imagine something the size of a laptop power brick, if that makes you feel better.

  • A "kill sledgehammer" works for the same reasons.

  • Less malign devices (Score:5, Interesting)

    by phorm ( 591458 ) on Friday September 09, 2016 @04:58PM (#52858361) Journal

    I wonder what other fun things you could do with a USB-charged capacitor, preferable things that don't cause actual damage.
    How about a tiny speaker that plays in a loop
      "This idiot just plugged in a hacked USB device!"

    • by ffkom ( 3519199 )
      A primary cell like in a "happy birthday"-playing-postcard is probably cheaper then utilizing a capacitor.
  • Nope, nope and nope.

    Guess who decided to drop this post a message? Its me! Someone with actual knowledge of electronics. The device you see there is 99% incapable of destroying anything but an USB port at best. Most modern motherboards today come with high voltage protection, this is the usual anti-static protection that has been implemented in chips for years. You know...when you walk around with wool clothes on a carpet, your body is essentially ONE big capacitor walking around with potentially kilovolt
    • by rahvin112 ( 446269 ) on Friday September 09, 2016 @05:15PM (#52858529)

      Didn't see the You-tube video of the concept version of this being demoed on a laptop did you? Fried the screen and board in the first pulse and took out the power system and everything else with the second (each pulse takes about a second to charge and release). These things are not pushing a 10V signal on a 5V line, they are pumping a 230V charge into the port with magnitudes more amperage than static electricity, the simple over-voltage protections on current USB ports can't protect against this.

      A real solution to a device like this will require a far more robust design on the over-volt protection on the ports. Something that can resist 200V+.

    • I can see maybe MOVs on the AC line inputs to help protect against transient voltage spikes, but are saying that all VLSI chips have diodes on every single input and output pin? If this is true, and it really does protect against static discharge, then why does every PC Board manufacturer make their employees wear grounding wrist straps?

      I agree that this killer USB stick would most likely just kill the USB buffer, or just open the polyfuses, but in the worst case, it might fry the southbridge, and that wo
      • Yes, all VLSI chips have diodes on every single output pin. Except the really, really high-frequency pins. But these diodes are tiny and delicate things. They provide only a moderate level of protection.

  • A lot of amused pentesters explaining to their employer that until their employees stop plugging in random USB sticks they really can't help.
  • It would cost a bit to implement, but wouldn't be at all hard to develop: a USB port that kills 'kill sticks'. Protect the data lines, sense the way-too-high voltage coming in on said lines, and counter it with a power source having *bigger* voltage and substantial current capability. One $55 investment down the drain, and one fucktard of a vandal gets a comeuppance. Bonus points for implementing video capture, and sounding a loud piezo buzzer, as soon as the vandalism attempt is sensed.

    Of course, minus poi

  • Someone's going to get this and fuck shit up for the lulz.

  • Just in time for November...
  • Other ways I can attack the copy machine.

    I could light it on fire.
    I could throw it off a building.
    I could tie a brick around it and drop it into the ocean.
    I could threaten to expose the its darkest secrets to the copy machine's family.

  • Wireless, kills your device and the device killer.
    So easy
    . $249.99
  • The last design I examined back in 2015 used an inverting DC-DC converter. The converter would take power from the USB port to charge a capacitor bank up to -110VDC, and dumps it in the data pins, and repeats until there is no longer power to the bus. This is how it bypasses/destroys any TVS diodes.

    I would love to have a version with a hidden switch to change between data storage and kill, that destroys the data along with the computer it is plugged in to.

    Imagine the look on the thief's face when he plugs i

  • out of antimatter
    It not only destroys the device you plug it into, but also the city where it is located

  • Buyers list will be sent to the FBI

  • And I always just used an usb connector fixed onto one side of a 3 Meter power cable, I guess I'm too oldschool for this.

  • by thygate ( 1590197 ) on Friday September 09, 2016 @06:45PM (#52859109)
    "-200VDC is discharged over the data lines of the host device." is all it says, but the charge will be tiny, i find it doubtful that this will do anything beyond maybe fry the usb controller or possibly some diodes.

Every little picofarad has a nanohenry all its own. -- Don Vonada

Working...