Article link: http://thehackernews.com/2016/09/usb-kill-computer.html
Wow! Talk about your Super Spy type stuff. (Queue Mission Impossible Theme Music now: https://www.youtube.com/watch?v=XAYhNHhxN0A).
So now do we not only have to worry about the digital data that can be stolen or compromised, but now comes this new item that will basically destroy the internal components of your computer.
This killer USB stick, once plugged into a USB drive, will charge capacitors within it and then release a deadly charge back into the system that will destroy internal components. The company claims they developed the device for companies to test their devices for USB power surge attacks.
You’ve been hacked and now, destroyed. Trying to piece together what information has been compromised from a functional machine can sometimes be impossible. Now, you might be left trying to figure out what happened without even having the machine available to you.
It’s mind boggling that any person can get one of these devices for $49.95 over the Internet. How do we combat hacking and theft, and now destruction, when the tools necessary to wreak havoc come so cheap! Just another item in the constant dance to keep us on our toes!
Scott,
This is an interesting article. The first time I had read about this device was because it was trending on Facebook. Within a matter of seconds, a USB can destroy a computer. The company claimed this is necessary for proper IT security because companies should have their USB ports disabled on public machines. It seems as though Apple is ahead of the game with devices such as this. “However, the only devices not vulnerable to USB kill attacks are recent models of Apple’s MacBook, which optically isolate the data lines on USB ports.”
Scott,
I read this article as well online. Its interesting to see how some attacks can not just steal personal information but to completely break a system. Someone who wants to do severe damage to a organization’s information could be on a tour of facilities and just sneakily plug this USB into a server causing it to fail. This goes to show that not only information security is a concern but also physical security in an organization.
In the past, USB drives are always a device that help virus or malware to get in our computers. This is a $50 USB destroys a $1000 computer. I would say let’s not use USB anymore. Cloud is more convenience and safer to use. Cloud’s password may be breaching too but it won’t destroy your computer at least. Personally, I think USB is old technology that we can abandon now. However, nothing is one hundred percent safe.
I don’t think that to respond to a vulnerability we remove the feature entirely. For most companies, losing a terminal is not losing data. They would respond to someone smashing the computer with a hammer the same way. Since the user needs physical access, other controls like monitoring who can use the computer or video surveillance means you’d be able to prosecute the saboteur and possibly get your monetary losses back. If you have to leave a computer in public, like a library, it probably is best to remove USB ports from the motherboard. The cloud can often be inconvenient to sign into compared to plugging a flash drive in. There is also data that some companies don’t want in a third-party’s cloud that would be ok on flash drives.
There is also a less dramatic software version developed as a response to the “Mouse Jiggler”. It detects USB activation and can wipe drives, shout down machines, or any other action the user wishes. Mouse Jigglers are USB devices that mimic slight mouse movement to prevent the activation of screen savers.
Wade
Scott,
I also saw an article on this and I’m glad you posted. I hadn’t seen the video, but I though it was kind of funny and scary at the same time Even with the sketchy shield, I wouldn’t plug one of those in my computer!
I imagine that companies will begin to make hardware changes to address this threat, but many devices might be vulnerable to this threat until they are replaced. I wonder if you can protect against this threat with software changes (e.g. patches) or disabling USB via group policy. Otherwise, get the super glue out!