(Image: USBKill)
Posted on 03/18/2017 6:54:27 PM PDT by Swordmaker
When plugged in, this weaponized USB stick can destroy laptops, kiosks, ATMs, cars, and more.
Remember that USB stick that would destroy almost anything in its path, from laptops, photo booths, kiosks, to even cars?
Now there's a new version, and it's even more dangerous than before.
In case you missed it the first time around, a Hong Kong-based company built a weaponized pocket-sized USB stick, which when plugged into a device, will rapidly charge its capacitors from the USB power supply and then discharge, frying the affected device's circuits.
Dubbed the USB Kill stick, it fries almost any device with a USB port, though modern Apple hardware is apparently not affected.
The makers of the USB Kill stick have created a more powerful version with a higher voltage and amp output and a three-times faster pulse rate of up to 12 times a second.
(Excerpt) Read more at zdnet.com ...
“bad boys rape our young girls with Violet gives willingly”
The last time I checked there were 3 colors starting with B but only 1 starting with W.
Should be “but Violet ....”
“So, would this be useful for killing a hard drive quickly?”
The data would still be on the drive.
BBROYGBWVGW?
WTF?
I read it. The better way to read their advertising puffery than "Test everything!" is "Try to kill everything!"
There is no need to make a piece of test equipment disguised as a USB memory stick and the fact they manufacture these also in an unmarked and unlabeled version as well, shows that these are intended to be used maliciously, not as a piece of test equipment. Everyone who has look critically at this product comes to the same conclusion. There are other ways to test your USB ports, adaptors, cables, etc., than a self-contained USB killer device such as this that will kill the device it is plugged in to.
This verbiage is called "cover your ass" legal smoke. The maker put it in there so they have plausible deniability when they are sued by people damaged by what they will characterize as "customers misusing our test product." They will point to that smoke screen and cry out "See! We are selling a very useful piece of test equipment!" Again note their own words ". . . can immediately deliver an USB Surge attack to any lightning device"! They condemn their own product with their own words. (Emphasis mine.)
Note their own "Conditions of Sale," which is more cover your ass verbiage:
Sale of equipment from USBKill.com is subject to terms and conditions.
Purchase of product is express acknowledgement and acceptance of the terms and conditions.NO SALE TO MINORS
Our products are specialised test devices that generate high voltage. They are not toys, and are not available to users under 18 years of age (or applicable legal age based on the customer's geographical location)NO MALICIOUS USE
Our devices are intended for ESD testing. Testing is intended for use on equipment owned by the user, or equipment whose owner has given express permission for testing.USBKill.com is not responsible for malicious use or willful destruction of equipment.
TERMS AND CONDITIONS OF SALE
Full terms and conditions of sale are available here:
https://www.usbkill.com/content/5-terms-and-conditions
These terms are legally binding with the conclusion of your purchase.
Note they claim they won't sell to minors, but there is no legitimate test during the sale to prove the purchaser is an adult.
The claim that their new device can get around Apple's sophisticated authentication chip is just more smoke. . . unless their device is registered with Apple they are STEALING the authentication from some other legitimate Made For Apple certified developer, because Apple is certainly not going to certify a maker whose product is intended to destroy Apple products. MFA certification is only necessary for a legitimate developer.
However, such an authentication chip is not what I was referring to when I commented that Apple has their devices protected. They use the same type of circuitry in their iPhones and iPads that they use in their iMacs to protect those computers, only miniaturized. The authenticate chip is not part of that surge protection. It IS possible that a large enough Surge of voltage and amperage could still arc across the small traces on a micro-circuit board.
They may be able to charge their device by getting around the authentication chip, but it is unlikely the surge will get through to kill the device. It is, however, likely to kill the authentication chip, which will then kill the cable.
Incidentally, the other way I know they are lying is that the easy way for such a business to get around the authentication chip is to build their own adaptor that connects direct from the KillUSB to the lightning port without the chip, which is built into the cables. Merely use the lightning adaptor connector without the chip, tap the voltage to charge the capacitors, and then send in the surge. Voila, kill accomplished, if that were the thing blocking doing it. From what I see, that is what they have done. . . and the claims of a special engineering is bogus.
They don't need to engineer around the chip for what they are attempting. All anyone would need is to have the adaptor, if it would work. They are just trying to extract an additional 14.99 Euros out of the customers to buy a straight through adaptor.
Perhaps the best line from the article: "This is another reason why you shouldn't plug in USB sticks you find on the street."
Thanks to Swordmaker for the ping!!
“”” Do you know what the 7 Layers is it’s not a burrito””””
Is that like the three sea shells?
You sure about that?
This takes out the USB Hub and likely anything on the same 5V supply line. Likely every controller. So while the data on the platters may be fine, any open files in cache is gone. Any encoded files via HDD bit locker are likely gone as you lost every controller in the box. The HDD controllers are all shot.
Getting the data off the HDD without any HDD controllers to reference means some major surgery. So it is now an issue of cost, so while the data is still there; is the cost to recover the data make it worthwhile? I am guessing recovery >$2,000
They are throwing a big nasty pulse on the 5V_Logic plane. Depending on how well the boards handle voltage spikes (and companies like Dell tend to minimize the isolation caps to save money) this could take out the USB Hub (because it is closest) but then the South Bridge or I/O Hub and basically brick the entire machine. As long as the 5V_Logic bus is hot, this device is going to send pulses out on the bus and do damage.
Then you have the “walking wounded” IC’s that may still work but are severely degraded. Such as the processor. The smaller the transistor geometries, the more susceptibile they are to this kind of damage.
We used a log splitter on a stack of them last year.
“Bad boys” is the PC version of the original.
Stuxnet? Siberian Pipeline Explosion?
I've seen some motherboards that have been hit by surges with nothing left operational. RAM, Eproms, traces arced, nothing. But those were surges allowed through the power supply.
This USBKill attack, coming through the USB port, I will have to admit I am not sure how far the surge would get before enough damage would be done that components would be protected by destruction of other components acting as fuses or circuit breakers for other components further away from the USB port. I think it would be a crap shoot. Memory is volatile and would change with minor voltage/amperage variations before failure, so that would have to be considered as well.
I do know that the physical platters of a normal HD would likely be safe. I don't know about the memory on a solid state drive after such a surge and what condition it would be in.
I do agree, as I said, that economic decisions have to come into the equation when deciding about the value of the data recovery. I have actually told clients they would be better off junking a compromised but perfectly good OLD Windows PC computer and buying a new one, than to spend the money necessary to take the time and cost of wiping and restoring the OS, custom software, data, and configuring to the network of the old one, because they would then have a soon-to-be-obsolete model PC that would shortly need upgrading anyway and a new one would have the latest bells and whistles, and a faster processor with faster and more RAM, plus a new warranty, and the cost to install his custom software, data, and configuring on his network is the same. . . and he could usually take a Federal tax credit on all of it, that mere repair of the old one did not permit!
Of course all of this is predicated on there being an up-to-date backup. Too bad a lot of people got lazy about backups being made religiously.
Did you know that Apple removed the "Secure" erasure method of removing data on HDs from the menu? It's still available from the Terminal, but the reason it was removed is that it is totally unnecessary to be used on SSDs because no ghost data is left remaining when data is deleted from an SSD and because there is a finite number of times a memory location can cycle on an SSD, it is NOT a good idea to write random 0s and 1s to overwrite the original data on an SSD to obliterate the original data as that method did on magnetic media hard platters or floppy disks. So, to protect the longevity of SSDs, Apple removed the option. If you desire to secure erase a file from a physical HD, you'll have to use the Terminal command for that function.
I wish they had left the option, and merely used a routine to determine whether a user were trying to apply it to an SSD, and then just did the proper erasure technique as required, using a standard erase on an SSD, and the multiple random overwrite technique on a hard or floppy disk magnetic media storage. That would have preserved the secure erasure for everyone without having to jump through Terminal hoops of Unix commands.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.