A long time ago, I posted a comment on #FB regarding USB Hardware Kill Sticks to an audience of disbelievers. So, as I’m trolling the ‘Net, I came across a legitimate manufacturer of such devices, aptly named: https://www.usbkill.com/; complete with a valid SSL certificate and secure shopping cart. Kudos to them for some great advertising on their site. Here are some of their catchy selling points:
- USB KILLLER V3: 1.5x Power, 2x Faster Surges, 2x Stable
- Used by police & industry worldwide
- CE & FCC APPROVED
- FREE SHIPPING
- Size + shape of a normal USB drive
- Anonymous version for no branding
- No sale to minors
- BLACK FRIDAY PROMO
- CYBER MONDAY MADNESS
- DEDICATED CUSTOMER SUPPORT
As they point out, a whopping 95% of all consumer USB devices are vulnerable, including laptops, phones, network devices, gaming consoles, cars, and industrial equipment. They have some informative videos to demonstrate the effectiveness of their product:
- USB Killer 3.0 VS LG TV (Best kill yet)
- USB Kill V3 vs iPhone 7
- USB Kill 2.0 VS USB-C (Zenphone 3)
- USB Kill 2.0 VS Car: Are you at risk?
- USB Killer 3.0 VS Google Home
- USB Kill 2.0 VS USB-C (Zenphone 3)
“The device, once connected to a USB port, charges to -200VDC via the USB power rails, before discharging it down the data lines. This happens several times per second, until unplugged, or the host device fails.” Technical specifications:
- Input voltage: 4.5 – 5.5 VDC
- Output voltage: -215 VDC
- Pulse Frequency: 8 – 12 times / second
- Pulse current: ≥180A
- CE & FCC Approved, allowing you to test in complete safety.
This might be useful to a product design or test engineer. While they don’t condone the product’s use for nefarious purposes, there really isn’t much use for it otherwise. I can easily see this being used in technology campuses (like Silicon Valley) to get rid of the idiot at “that other company” who wants your source code. How about dropping a few of these in your competitor’s giveaway promo bin at the next trade show? At your favorite medical practice, plunk one of these babies next to the Insurance Representative who’s there to copy off some medical records. Watch those sparks fly! Regrettably, there’s thousands of “uses“.
If you are a business, you can *help* protect yourself by using “USB Caps, USB Covers, or USB Dust Caps” on unused USB ports on your workstations. There are plenty of vendors to chose from on Amazon.com and they are cheap. You should also include a Use and Liability statement in your Computer and/or Network Use policies. Private transportation drivers, like Limousines, Uber, and the like, should also cap their vehicle’s USB ports. I can’t imagine what it would cost to repair a vehicle’s blown-out USB system!
Home users should exercise some common sense. Make sure the friend that hands you a USB stick is truly a friend. Your Smart TV, DVR, Google Home, Amazon Echo/Echo Dot, all have USB ports. If you have a child living at home that is just “smart enough to be dangerous”, then some USB caps *might* be helpful as well. It wouldn’t be fun to come home to find your stuff has been blown up by some miscreant’s USB Kill stick.