Introduction

What’s more ubiquitous in the PC world than USB sticks? They’re easy to use, affordable and are used by millions of people on a daily basis. Everyone knows that USB sticks can house nasties, including malware, but did you know that this same little drive can completely destroy a system by simply inserting it?

Welcome to the destructive world of USB Killer. This article will explore the USB Killer, how it works and how you can effectively protect yourself against it. We will also examine a case study where USB Killer was used to wreak havoc on an educational institution.

What is USB Killer?

USB Killer is a modified USB drive that destroys computers when you insert it into the machine’s USB drive. There are different versions of this device, and you can even create a DIY version yourself for $3 or less.

USB Killer is often used as an example of why you should refrain from plugging in unknown USB devices into your systems. USB Killer drives are often disguised as air ionizers and fans, which can fool those with lax information security training.

How does USB Killer inflict so much damage?

The power of USB Killer lies in its functional simplicity: the device is able to inflict so much damage on systems by taking advantage of the interplay between USB drives and power. USB Killer doesn’t use malware or special equipment. It just sends high-voltage power into the computer it is plugged into, effectively destroying the system. In fact, USB Killer has the potential to send up to 200 direct current volts into a USB port — a death blow for any machine.

But how does it work? USB Killer charges the capacitor bank by using an inverted DC-to-DC converter. This power is sent back into the computer via the USB interface and is repeated in a loop. We’ll talk about the physical portion of this in more detail a little later.

Who created USB Killer and why?

The creation of USB Killer is mysterious, as there are a few origin stories floating around the internet. Some say that USB Killer was invented by a Hong Kong-based security team. Others say that a group of Russian hackers named “Dark Purple” invented it.

Regardless of the actual source, the reason for inventing USB Killer is more utilitarian and benevolent than you may think. In fact, it was made to test devices against the vulnerability that USB Killer exploits. This vulnerability has been an ongoing issue since USB technology supplanted other forms of storage media from the general market and is readily apparent from USB Killers’ ability to destroy most devices with USB ports.

USB Killer is sold commercially under the name USB Kill and can be found here. The product is marketed as a legitimate pentesting tool. It is worth noting that USB Killer comes with a sort of shadowy element, as you can purchase USB Killer without any apparent branding to reduce the suspicion of users. Depending on the intent and or negligence of the purchaser, this can lead to destructive results.

Can you spot a USB Killer?

Distinguishing a USB Killer from an ordinary USB drive is far easier said than done. Only one wire has been moved on the USB circuit board, which is sufficient to weaponize the drive. It should be noted that USB air ionizers are often used for DIY USB Killers because they have the closest internal components to USB Killers.

To determine if a USB ionizer is a USB Killer requires you to open the case of the ionizer and examine the wiring. You will find that an output wire has been removed and then soldered to both the nearest capacitor and the pin above the ground wire. That simple modification can turn it from a harmless accessory device to a destructive tool.

If you have the technical ability to perform this check, then you will be able to spot a USB Killer. But who wants to check the circuit board of every USB drive they use?

College of Saint Rose case study

On February 22nd, 2019, former student Vishwanath Akuthota went on a USB Killer spree. He visited 66 of the college’s computers all around campus and effectively killed them with a USB Killer stick. During his spree of “computercide,” Akuthota recorded a video of himself inserting the USB device into a campus computer. He said, “I’m going to kill this guy” and then showed the computer die.

This USB Killer spree amounted to $58,471 of damage. Akuthota agreed to repay the college when he pleaded guilty in court. He now faces up to ten years in prison and an additional $25,000 fine.

How to protect yourself from USB Killers

The good news is that you can protect yourself from USB Killers. However, many will find this to be slightly inconvenient.

The truth is that managed or policy-based measures will not work. If you try to use group policy to control whether USB drives can be used, this will stop the USB Killer drive from being used in a conventional way but not in a way that will protect your system. This is because whether the group policy control is used or not, power is still sent to the USB drive and back, giving the USB Killer the ability to cause destruction regardless.

Successfully combating USB Killer requires you to use some low-tech solutions. The easiest way of stopping USB Killer is to simply cap USB drives. This is the only way to physically prevent USB Killers from being inserted into a computer, but it would prohibit all legitimate, known and harmless USB drives as well.

The second easiest way to prevent USB Killer destruction is by properly training all users. Proper information security training will instruct users to not use unknown USB drives and should include commonly seen disguised USB Killers, such as USB ionic air purifiers. Seeing as physically capping USB drives may be prohibitively burdensome, solid information security training may be the only line of defense your organization has.

Lastly, consider ordering PCs that do not include USB drives. This may be increasingly difficult to secure as systems are heavily dependent upon USB drives these days, but if you can, it would prevent all potential USB attacks.

Security Awareness

Conclusion

USB Killer drives are incredibly dangerous to systems and will kill your computer faster than you can say “I shouldn’t have done that.” Couple this with its easily disguisable, legitimate-looking appearance and it becomes a serious threat, especially to large deployments of systems.

However, a second look at most of these situations will show you that adhering to strong information security training fundamentals will prevent most cases of unintended USB Killer attacks. If institutions want to prevent further intended USB Killer attacks, physically capping the USB ports is your only option for 100% prevention.

 

Sources

  1. How does USB Killer v3 damage devices through their USB connections?, TechTarget
  2. Destroy Any Computer Mobile With $3 USB Killer !, Kedar Nimbalkar (Instructables)
  3. USB Killer, yours for $50, lets you easily fry almost every device, Ars Technica
  4. Student used ‘USB Killer’ device to destroy $58,000 worth of college computers, The Verge