A Hong Kong-based technology company is selling a USB thumb drive called USB Kill 2.0 that can fry any unauthorized computer it’s plugged into by introducing a power flow via the USB port. It costs $49.95. What, you might ask, is the USB Kill 2.0?
Well, it’s a simple little device that plugs into any USB port! It draws power rapidly, filling its capacitors, and then dumps all that electricity right back into the device it’s plugged into. If that device is hardened against power surges or otherwise protected against huge electrical blasts, you’ll be fine. Unluckily, most of the stuff around us with a USB port is not hardened.
How does USB Kill 2.0 work?
As the company explains, when plugged in, the USB Kill 2.0 stick rapidly charges its capacitors via the USB power supply, and then releases – all in a matter of seconds this is how the Terminator style works.
The USB stick discharges 200 volts DC power over the data lines of the host machine and this charge-and-discharge cycle is repeated several numbers of times in just one second, until the USB Kill stick is removed.
“When tested on computers, the device isn’t designed or intended to erase data,” the company says. “However, depending on the hardware configuration (SSD [solid-state drive] vs. platter HDD [hard disk drive]), the drive controllers may be damaged to the point that data retrieval is impractical.”
“Any public facing USB port should be considered an attack vector,” the company says in a news release. “In data security, these ports are often locked down to prevent exfiltration of data or infiltration of malware, but are very often unprotected against electrical attack.”
The company claims about 95% of all devices available on the market today are vulnerable to power surge attacks introduced via the USB port.
If you’re wondering why anybody would engineer something that takes trolling to new heights, first of all, in many places, there really shouldn’t be a visible, unprotected USB port in the first place. Even if it’s just a copier or a photo booth, nothing is stopping far nastier people from, say, uploading malware that can be dumped on any other flash drive people slot in, or perhaps go into the operating system and swipe your credit cards. Secondly, if your job is to destroy electronic devices that contain sensitive information and make sure they can’t be brought back from the dead; this is a much cheaper and more effective way of doing it. You can also buy an optional safety shield, making this a quick, useful way to test whether a device is vulnerable to this kind of attack in the first place.
However, the only devices not vulnerable to USB kill attacks are recent models of Apple’s MacBook, which optically isolate the data lines on USB ports. But, um, maybe keep an eye on your laptop, just in case.