
USB Killer - skazka16
http://kukuruku.co/hub/diy/usb-killer
======
Smerity
Someone joked that this would be useful to ensure people won't randomly plug
USB drives into their computers. Sounds insane, except that...

"During a stop-over in Hong Kong, he finds a spare USB key in his hotel room.
Curious, he inserts it into his laptop. By the time he arrives in Australia,
his computer is infected."[1]

This was one of the infection vectors for a large flare-up between the
Chinese government and a number of Australian based mining companies, all well
before the Snowden leaks that have only made the world more complex.

Given the choice between frying an employee's USB / computer (small monetary
loss) and allowing trade secrets to fall into the hands of competitors /
customers (large monetary loss), it's not crazy to opt for the former.

Standard practice has even gone further. A colleague of mine purchases fresh
laptops for when he goes overseas and then never uses them again. He doesn't
even work in an industry where commercial secrets are common. I'd hope that
anywhere that features security implications or commercial secrets would also
act at this level.

Perhaps an innocuous version of this, which starts a high pitch whistle, would
be useful in a corporate environment. Less destructive but resulting in the
same security awareness.

[1]:
[http://www.abc.net.au/4corners/special_eds/20100419/cyber/](http://www.abc.net.au/4corners/special_eds/20100419/cyber/)

~~~
ptaipale
A standard procedure in somewhat-security-concerned firms is that when you
travel, you go and get a freshly installed travel laptop (a loaner) from IT
dept, use it on the trip, and after the trip, you return it to the department
that wipes out everything on the disk and re-images it.

This wouldn't protect against things like firmware-based malware, attacks that
major three-letter spy agencies could deploy when they focus on a target, but
because there is no absolute security and measures need to be balanced to the
threat scenario, this is a model that works pretty well.

~~~
rastapasta42
>A colleague of mine purchases fresh laptops for when he goes overseas and
then never uses them again. He doesn't even work in an industry where
commercial secrets are common. I'd hope that anywhere that features security
implications or commercial secrets would also act at this level.

IMO that's an overkill. Why not just use ICloak [1] or Tails [2]? They are
both Linux distributions which boot from USB stick without touching hard
drive, randomize MAC address and give you access to Tor and other goodies.

[1]: [https://icloak.org/](https://icloak.org/)

[2]: [https://tails.boum.org/](https://tails.boum.org/)

~~~
DanBC
Customs officials are agents of another, sometimes hostile, power.

If your risk assessment says you're worried about AoHPs then you can't trust
your computer after they've had it in their possession.

~~~
marssaxman
What are "AoHPs"?

~~~
ptaipale
Never heard the term, but by context I would guess "Attack on Hardware
Platform" or some such.

------
jonathantm
Best comment from the page: "It needs to have an eInk display to say 128, 129"

Such yes.

...

I was walking past a tall wooden fence the other day, you know the kind you
see outside a building site. As I walked along beside it I heard chanting
coming from behind the fence further up... they were chanting numbers, or
rather just one number. "Thirteen, thirteen, thirteen, thirteen, ..." they
excitedly chanted. It sounded like a small crowd, young and old; men, women
and children. All of them saying the same number over and over. As I
approached I saw a small hole in the fence just big enough to look through.
The hole was right where the sound appeared to be originating from. So, with
the crowd continuing to chant "... thirteen, thirteen, thirteen, thirteen" and
it seeming to become more intense as I leaned down to place my eye at the hole
and work out WTF was happening in there. Just as I put my eye to the hole a
small finger like that of a child poked me in the eye and the crowd cheered
loudly and started chanting again.. "Fourteen, fourteen, fourteen..."

~~~
ikeboy
Someone was waving a bunch of newspapers and yelling "extra! extra! 50 people
scammed! extra! extra!".

I went over and bought one. I looked inside, there was nothing about any scam.

Then I hear "extra! extra! 51 people scammed! extra! extra!".

------
caf
It would be cool to create a version of this that just sounded a really,
really loud siren. Then you could leave it lying around the office, and listen
out for the bunnies.

~~~
petercooper
Especially if it used capacitors or an onboard battery to keep the siren going
when someone inevitably yanks it out quickly :)

~~~
BorisMelnik
and of course label it " _boss name_ personal"

On that note, using it as a pentesting device could be interesting. Perhaps
just use the "beep" so the auditor can see how many people trust putting
anything into their PC, then at the end cite USB killer.

~~~
detaro
"losing" USB sticks with a trojan that just phones home and deletes itself
seems to be the usual way to do that in pentests.

~~~
BorisMelnik
Interesting, didn't know that. See what happens: people come up with innovative
ideas all the time and have no idea they already exist!

------
13
I tried to do one better with a small flyback transformer.

[https://gfycat.com/GlaringGrimCondor](https://gfycat.com/GlaringGrimCondor)

Turns out there's not enough clearance in USB ports for tens of thousands of
volts.

~~~
comboy
Nice! But I'm guessing you wouldn't be able to fit that into a size that's
comparable with standard USB drive?

~~~
13
Possible at a pinch, the flyback I was using right there was about the size of
a walnut. You could lay most of it out flat with the voltage multiplier and
encase the whole thing in epoxy for (ha) safety.

I really wanted to go much higher with the voltages, but the amount of noise
this thing puts out de-focuses the camera.

------
junto
Reminds me of a story I heard many years ago. UK power plugs have three prongs
to include earth. If you rewire earth, live and neutral AND alter the plug
wall socket to match, then all is well, but if someone steals your PC then
plugs it in using a standard wall socket then ouch.

~~~
anomie
When my grandparents died and we sold their house (in the uk) we had some
builders in to tidy up some stuff and they discovered that in a big part of
the house the earth was actually wired to live in the sockets. They'd lived
with it for 40 years or something. Guess not many devices actually use the
earth.

(The wiring was originally done by my grandad's brother - use a professional,
people...)

~~~
taco_emoji
If you're not going to do it professionally, at least use one of these:

[http://smile.amazon.com/GE-3-Wire-Receptacle-Tester-50542/dp...](http://smile.amazon.com/GE-3-Wire-Receptacle-Tester-50542/dp/B002LZTKIA/ref=sr_1_2?ie=UTF8&qid=1425997170&sr=8-2&keywords=outlet+checker)

(that's US wiring but surely there's a UK equivalent)

~~~
mturmon
Nothing wrong with that device, but it's also nice to know about its big
brother:

[http://smile.amazon.com/Amprobe-INSP-3-Wiring-Inspection-Tes...](http://smile.amazon.com/Amprobe-INSP-3-Wiring-Inspection-Tester/dp/B005E0XSR8/ref=pd_cp_hi_2)

This tester can simulate a 10A or 15A load and measure voltage drop, which
should remain within 5% of its unloaded value (this is the recommendation in
U.S. code). This can identify situations where connections are weak, or wires
are too long or too thin.

It has also helped me to improve my wiring practices. It turns out that
keeping voltage within 5%, under a 15A load on a 20A circuit, is pretty
demanding, and a series of (say) 8 or 10 twisted connections may not meet it,
if you are not careful with your technique.

The device can also test GFCI outlets by allowing some current to leak to
ground. This provides an end-to-end test in situations where the GFCI is not
present at the outlet.

------
witten
I once encountered a computer that was the opposite of this; plug any USB
device into it, and the device would never work again, even in another
computer.

~~~
cesarb
At work, I encountered a HD which fried SATA ports. If you plugged that HD in
a SATA port of another computer, that SATA port didn't work anymore. I don't
know if the HD had been damaged by the computer it was originally from, but we
didn't use both that HD and that computer anymore.

There have been other stories of "contagious" hardware damage in the past,
like the infamous ZIP drive "click of death", but that HD is the first one
I've seen personally.

~~~
linker3000
Just had that with a SATA SSD - looks like it had a power bus short and it
blew a chip (dual FETs) on the caddy backplane. Lots of smoke.

Usual story: replacement part is about £0.50 and I could replace it in the
lab, but postage for one part is £4.

Might see if I can get one as a sample, or from the Far East with 'free
shipping'.

Many moons ago, I worked in the education sector and some smart kid ran a
paper stapler up a keyboard lead, leaving it full of metal staples. The power
short blew an axial fuse on the motherboard. The next user encountered a 'dead
keyboard', so they swapped it for the one on the next desk..repeat 6 times
before someone realised the fault was travelling with the keyboard...

------
mrb
This reminds me of the Etherkiller page (sending 120 volt to various devices:
NICs, HDDs...):
[http://www.fiftythree.org/etherkiller/](http://www.fiftythree.org/etherkiller/)

~~~
icelancer
The bus killer on this page is a real work of art, if I remember correctly it
kills PCI/AGP/ISA using card covers! (website was down when I clicked)

------
__david__
Reminds me of one of my favorite "Bastard Operator From Hell" stories:
[http://www.chinet.com/html/bofh/tradeshow.html](http://www.chinet.com/html/bofh/tradeshow.html)

Turns out this is a very old idea. :-)

~~~
72deluxe
Haha very witty. Such a cynical outlook on life and people in that article.

~~~
__david__
Most definitely. There's a whole series of them:
[http://bofh.ntk.net/BOFH/](http://bofh.ntk.net/BOFH/)

------
cstross
If you're feeling ornery, you could fly with one in your hand luggage.

If the TSA or foreign equivalent border security want to scan your devices,
it's their look-out.

~~~
saganus
And then you will probably be charged with trying to hack the U.S. Government
and get like 1000 years of Guantanamo time.

Jokes aside... it would be interesting to see what would happen if someone had
such nerve.

~~~
cstross
Use a sharpie to draw a skull and crossbones on one side; on the other, write
DANGER.

When they ask you to hand over all personal electronics, point to it and say
"that's dangerous".

If, subsequently, they want to know why you were carrying it ... it was so you
could fry the USB port of your own laptop if you thought someone had snuck
some hardware-level malware into it.

If you tell them NOT TO DO IT and they go ahead and do it, I find it hard to
see how a court could convict you of wilfully damaging their forensic
equipment.

(To the extent there's any social engineering involved, it simply relies on
the tendency of police to ignore or discount unsolicited information from
members of the public who are under suspicion.)

Note that they won't be sticking the device in a laptop or desktop PC;
specialist forensic imaging machines are used by law enforcement to duplicate
data storage devices and maintain a legal chain of evidence. Oops.

------
derefr
The worst suggestion in the world: make one of these look like one of those
USB dead-drops.

~~~
TeMPOraL
I think it's the best idea ever. I mean, seriously, with all those USB-based
attack vectors does anyone think plugging your computer to a random USB port
sticking out of a wall is a _good idea_?

~~~
derefr
It's kind of a snide thing to do, though; _every_ physical interchange medium,
or object you might put in proximity to your computer, has physical attack
vectors. Optical disks can be weakened so as to become shrapnel inside a disk
drive. Magnetic tapes can be replaced with sandpaper and scratch the reader to
death. Any cassette media (e.g. floppy disks) can simply be filled with
glue—or, better yet, contain a small explosive.

So, there's nothing about USB that makes people especially deserving of
punishment if they go using strange ones; there's a base level of societal
trust required for the abstraction of a "side-effect-free data storage object"
to exist in the first place.

To say otherwise is similar to purposefully driving the wrong way down the
road and getting into a 28-car pile-up, and then saying that this is a lesson
in how cars are inherently dangerous and people should avoid driving near
strangers. The security mindset can only make you so safe; at some point, you
have to trust that strangers aren't trying to kill you in order to be able to
live your life.

(Though, in this case, you could just avoid all physical peripherals and ask
the person to email you the file instead. At least all you can get from that
is a virus.)

~~~
TeMPOraL
It's not like that. USB drives are a popular vector for transferring malware
_both ways_. Which means a perfectly good dead drop can become infected when
someone who didn't know he had malware plugs his computer in. USB dead drops
are not like cars - they're like a bottle of juice chained to a wall, that
anyone can drink from and refill it with whatever they want. You don't have to
assume malice to expect such a bottle to be a health risk - not everyone who
deposits a disease knows he is ill.

Of course I'm joking with my approval for installing boobytrapped dead drops -
but the point is, connecting to a random thumbdrive sticking out of a wall
sounds like the dumbest computer-related idea ever.

------
errantspark
I bet you could get a few thousand of these made for like 10 grand? I'm glad
people who just want to cause mayhem aren't competent.

------
Animats
Here are parts to design into your USB device to prevent that.

[http://www.mouser.com/applications/usb30_circuit_protection/](http://www.mouser.com/applications/usb30_circuit_protection/)

[http://www.te.com/content/dam/te/global/english/products/Cir...](http://www.te.com/content/dam/te/global/english/products/Circuit-Protection/knowledge-center/documents/an-coordinated-circuit-protection-usb.pdf)

~~~
mindslight
There are straight up isolators, like ADUM4160. For USB2, they're limited to
12mbit/sec though, because USB2 has a single bidirectional (terrible) data
line.

~~~
cnvogel
Also USB1.1 is (for the most part of the data transmission) differential and
bidirectional.

[https://commons.wikimedia.org/wiki/File:USB_signal_example.s...](https://commons.wikimedia.org/wiki/File:USB_signal_example.svg)

------
uptown
Evil.

I've often wondered what percentage of those dirt-cheap USB devices sold on
eBay are actually trojan horses. Provide a basic functional USB hub at a cut-
rate price, but exploit the access to your customer's PC for nefarious
purposes. Seems like an easy crime to perpetrate.

------
vanontom
This is just one of many reasons why you should not ever stick unknown things
in your healthy ports (or your healthy things in unknown ports). Not without
protection. Safety first. But I'm a firm believer that people should be able
to consent to this kind of behavior if they really wish to.

~~~
Shivetya
So how do we make it absolutely safe?

Can a simple device be created that we can plug any USB into and simply
receive an indication it's safe and its capacity? How hard can this be?

~~~
pavel_lishin
I'd love something that protects against this, as well as BadUsb.

------
hereonbusiness
One could give these out to activists around the world, they seem to be always
at risk of getting their electronic devices confiscated by law enforcement.

~~~
thret
Women who carry mace might also welcome one of these in their handbags. Or
people who keep getting inspected at airports. I'm sure there's a market.

~~~
hereonbusiness
I can already see the marketing slogan: "Stick it to the man" :)

~~~
fnordfnordfnord
Stick it to anyone who uses your things without permission.

------
mcauser
If you use a USB hub, would both it and your computer get cooked, or just the
USB hub?

~~~
13
Depends on how lucky you are, there's no specific protection for something
like this.

------
agumonkey
Last year, I found a usb key on the ground, almost busted, still I'm too
curious to know what's in it so I bring it home. Plug it in, then I learn a
little more about the USB protocol as the kernel notifies me there's an "Over-
current condition on port 3", just before a tiny bit of smoke emerges from the
key.

------
drno123
I would like to see this device on kickstarter :)

------
api
It's a USB blotto box:
[http://cd.textfiles.com/group42/ANARCHY/COOKBOOK/BLOTBOX.HTM](http://cd.textfiles.com/group42/ANARCHY/COOKBOOK/BLOTBOX.HTM)

The old school version required a portable generator. Miniaturization at its
finest!

------
Jopika
The potential damage this implies is ridiculous.

Looks like I'm stocking up on Raspberry Pi-s to deal with my curiosity from
now on...

------
lisper
This is so not cool.

~~~
MichaelGG
Why? Sounds like a way to increase security awareness. Although, I suppose a
huge blaring alarm might do just as well. Leave them around your
office/parking lot and see who uses them. Then have a chat. Better they plug
in a bad device you control vs one carrying a truly malicious payload.
(Probably a good idea to attempt to phish employees, too.)

~~~
lawnchair_larry
Yeah, and randomly hitting people in the head with a bat is a great way to
increase concussion awareness, right?

~~~
aeykie
Deciding to put a stranger-USB device in your computer is a thing you do, and
decided to do. Getting hit in the head with a bat isn't.

~~~
jen729w
"I'm not a lawyer" etc., but I'm pretty sure that, in many if not most nations
with a broadly Western judicial system, the deliberate planting of this device
with the intention of causing harm will be illegal. It doesn't matter if the
poor fool plugs it in: you knew what would happen. Furthermore it's arguably
true that you intended it to happen. Therefore, you're a dick and you're at
fault.

------
nabla9
I would like a version that has a small GPS receiver and can send SMS with
location information when plugged in. It should work otherwise just like a
normal USB. (could be the size of USB HDD for example).

------
hharnisch
Well at least the new MacBook won't have a problem with this device.

~~~
franciscogarcia
The machine will become a $2k paperweight if that port is rendered unusable.

------
cbr
I made a list of other ways USB can be evil:
[http://www.jefftk.com/p/malicious-usb-sticks](http://www.jefftk.com/p/malicious-usb-sticks)

------
emilecantin
Build this into a DeadDrop (seen on HN yesterday) for added fun.

------
nfoz
I believe the original is the Etherkiller:

[http://www.fiftythree.org/etherkiller/](http://www.fiftythree.org/etherkiller/)

------
Aardwolf
I understand the concept of the article, a USB device that will fry your
laptop by charging and applying high voltage.

But I don't understand the excerpt about the guy writing number 129 on a USB
stick and stuff. Why would he plug it in his laptop if he knew it would burn
it? And if it was intentional, aren't there easier ways to burn it? Thanks for
explaining...

~~~
amyjess
He didn't know. After it burnt his laptop, he decided to pass it on and make
it easy for somebody to steal the key and burn _their_ laptop.

~~~
Aardwolf
I see. Thanks!

Highly unlikely that 129 people in a row respond like that though...

More likely is that someone destroys the USB device in anger, dismantles it,
is too shocked to do anything, doesn't interpret the number as a counter, or
doesn't want to ruin other people's computer. And, of course, that many people
in a row stealing a USB device from a backpack is already unlikely in itself.

~~~
elwell
Yeah it would have been clearer if he didn't use a power of 2 for his
counter's current state. Made me think it had to do with the device's storage
capacity.

~~~
jader201
I'm assuming the original story was actually told as a joke, where the "128"
number was intentionally misleading until the punchline at the end where he
incremented the number and "paid it forward".

------
CPLX
This immediately reminded me of the slightly infamous and almost certainly
apocryphal "box" of the phreaking era for supposedly overloading and
destroying your adversary's phone, or even taking down the local POTS switch.
It was called a urine box most commonly, or sometimes a copper box or assassin
box if I recall correctly.

~~~
BuildTheRobots
This [1] seems to indicate the urine box and the assassin box were actually
different, even though they seemed to achieve similar results. I'd be curious
to find circuit diagrams.

[1]
[http://www.aboutphone.info/lib/phreak/boxes-2.html](http://www.aboutphone.info/lib/phreak/boxes-2.html)

~~~
CPLX
Aha, that also reminded me of my favorite name for the thing, the Blotto Box.

------
renaudr
what about making it a normal usb drive as well. let me explain: when one
inserts the drive, one gets asked for a password. if you type the wrong
password, the usb drive shows you some fake content, and in the background
“burns down” everything it can. if you are the owner and type the right
password, you can use the usb drive normally

------
Qantourisc
This is pure evil! (not in a good way)

------
pi-rat
Pretty cool (and scary!) modern day version of the old anarchist cookbook
diskette bombs.

------
ademarre
Is there any chance this could be dangerous to the human and not just his
device?

~~~
sudhirj
If one wanted something dangerous to humans, one could just pack a USB stick
full of explosives and use the current from the port as a detonator. I'm sure
that's already been thought of before.

~~~
anon4
Or you could fill it with anthrax. Or dioxygen difluoride. Or chlorine
trifluoride. Or Australian spiders. Or African bees.

------
stef25
I thought I remembered reading something about quite a high profile hack that
was carried by infecting computers by people using USB sticks that were
strategically left on the floor of a parking lot near their car.

~~~
e15ctr0n
[http://www.cnet.com/news/stuxnet-delivered-to-iranian-nuclea...](http://www.cnet.com/news/stuxnet-delivered-to-iranian-nuclear-plant-on-thumb-drive/)

------
erjjones
.. worst written article ever

------
andmarios
Going to such an extent to add a feature to USB which FireWire has built-in. :p

------
thomasfl
If any USB mouse, USB keyboard or soon also USB charger is a potential laptop
annihilator, then maybe it's something wrong with the USB standard.

~~~
aaronem
Well, anything with an electrical connection to anything else is a potential
"annihilator" of that latter thing. It's only USB's ubiquity, and its ability
to supply significant current to a downstream device, which are capitalized
upon here. (The latter, I concede, is useful in implementing a device
destroyer, but a small battery could easily enough replace it.)

------
aravan
What if the voltage kills someone? Is it not too dangerous?

The lesson is not to use/touch USB stuff that doesn't belong to you. Good moral
story for a 2nd grader.

------
leni536
Ouch. Not a traditional attack one would expect on a USB port. Would there be
any practical protection against this (surge protector, fuse)?

~~~
jpindar
You can buy isolated USB hubs.

------
buro9
Do you think he's tested it?

