The most user-friendly and portable data storage devices available today are known as a universal serial bus, or USB, drives. However, you shouldn’t let your guard down around that USB drive because it looks so innocent. A USB drive, in addition to being able to carry malware, can also function as a USB killer, which will permanently damage your computer.
How does a USB killer function, and what steps can be taken to protect yourself from it?
What is a USB Killer
A USB killer is, as the name suggests, a modified USB drive that, when inserted into the USB port of a device, has the potential to cause damage to or even completely destroy the device.
For the purpose of accomplishing its mission, a USB killer will repeatedly subject the connected device to an increased voltage of 210–220 volts. This repeated high-voltage power surge causes irreparable damage to the host device’s electrical system because a USB port is only designed to handle 5 volts.
It is believed that a Russian computer researcher going by the alias “Dark Purple” was the first person to create a virus that could destroy USB drives. In addition, the concept behind its creation was to evaluate how well a digital device could cope with sudden spikes in power.
USB killers are not, however, used for this purpose by computer manufacturers or penetration testers.
Instead, they use programs known as USB killers to cause damage to the computers of their victims. They can quickly acquire a USB Kill device for as little as $3 if they so choose.
Worse yet, cybercriminals can easily convert inexpensive USB ionic air purifiers into USB killers by making a few simple modifications.
How does the USB killer attack works
Capacitors are used throughout a USB killer gadget to help conserve electrical power. When you connect it to a computer, it draws electricity from the computer’s USB port and uses that to charge its capacitors.
After the USB kill has been completely powered on, it immediately sends all of its power—200 volts or more—back over the data lines of the same USB port where it was plugged in. This causes the host device to fail since the data pins are only able to withstand a minute amount of power, which is just sufficient for sending and receiving signals.
USB assassins used to be basic plug-and-zap gadgets; but, in today’s world, they have evolved into strong killers with extensive capability.
For instance, cybercriminals may now purchase a USB killer that comes equipped with an inbuilt battery that can be recharged. A USB killer of this type can cause damage to the host device even while the device is not actively being used.
The following are examples of some of the advanced assault modes offered by modern USB killers:
- Remote Trigger: One can initiate an attack via a remote control.
- Timed Attack: One can schedule a date and time to trigger the attack.
- Smartphone Trigger: One can manage attacks via an Android or Apple smartphone.
In addition, those who pose a threat can quickly obtain a variety of adapters to destroy devices by way of a display port, HDMI port, micro USB, and other ports.
A former student of St. Rose in the United States used a device called a USB Killer to damage 59 computers, seven computer displays, and computer-enhanced podiums. Because of his illicit deed, the equipment was destroyed to the tune of $51,109. In addition, the cost of replacing damaged equipment and paying employees for their time to investigate was $7,362.
Killers for USB ports are readily available for purchase over the internet, making it simple to acquire one.
Thus, it is imperative that you take the required precautions to safeguard your devices against assaults using USB killers.
How to identify a USB killer Device?
Unfortunately, you cannot tell the difference between a USB drive and a USB killer based solely on appearance alone.
In order to make that conclusion, you will need to open the casing of the USB drive. The conventional USB Killer consists of many capacitors that can hold the power that is drawn from a USB port.
You are going to need a USB killer detector in order to determine whether or not a USB drive is a USB Killer without having to open the casing of the drive.
On the other hand, the USB drive that you have just discovered in your parking garage might have been placed there on purpose in order to carry out a USB drop assault.
So, it is dangerous to plug an unfamiliar USB drive into your computer, even if a USB Killer detector determines that there is no chance that the disk contains malicious software.
How to prevent USB killer attack
The following are some methods that can be used to protect your hardware from assaults via USB killers.
Avoid Using Any USB Drives That Are Unknown to You.
Unidentified USB drives present a significant risk of a security breaches for people as well as for corporations. Nonetheless, people continue to plug in USB drives that they discover by chance.
Researchers from Google, the University of Michigan, and the University of Illinois Urbana-Champaign dispersed 297 USB flash devices over the campus of a university. According to the statistics that they have provided, they report that 45 percent of USB drives were used to pick up and open something.
As a result, the fact that cybercriminals use USB devices to carry out USB drop attacks and USB killer assaults should not come as a surprise to anyone. And if you want to safeguard your company from the dangers associated with USB drives, the most effective measure you can take is to forbid your staff from opening any USB drive whose source is unknown.
Disable USB ports when possible
In the case that it is feasible, disabling USB ports is a good method for preventing USB Killer assaults as well as any other types of USB attacks.
The following is a guide that will show you how to disable USB ports on your Windows computer.
- Press Windows + X, and then click on the Device Manager tab.
- Double-click on the Universal Serial Bus Controllers option to expand it.
- Right-click on the USB port to open the context menu. Then, click on the Disable option.
Go to Device Manager > Universal Serial Bus Controller, and right-click on the USB port to open the context menu. Select the Enable option to enable USB ports on your PC again.
If you are required to leave a USB port open, use a type C port because it provides cryptographic authentication. This will ensure that the device does not receive any power or data that is not intended for it.
The most recent version of Apple’s operating system automatically prevents any new USB-C devices from communicating with the system until an authorized user gives their stamp of approval.
Train Your Employees
The most important factor in avoiding damage to your computer from USB Killers is the diligence of your workforce.
Therefore, it is important for your company to regularly hold training programs for cybersecurity awareness. Make sure your staff members are aware of the potential risks that are associated with plugging an unknown USB drive into a company computer.
They need to be aware that USB Killers can be disguised as other devices, such as USB ionic air purifiers. By leaving USB drives around the premises of your business, you can also conduct routine tests to determine how well-prepared your staff members are to defend against USB Killers.
USB killer attack is a dangerous attack that needs to be avoided
USB Killers are harmful. As soon as you plug it into a USB port, it will quickly cause damage to a computer. Never use a USB drive that you are not familiar with on a computer; this is the most effective way to prevent USB Killers from causing damage to your computer. If you adhere to the best cybersecurity practices, you will offer yourself the best possible protection from the vast majority of attacks that involve USBs. For an additional layer of protection, you can have the USB ports in your company physically capped or disabled altogether.
Would you like to read more about USB killer attack-related articles? If so, we invite you to take a look at our other tech topics before you leave!