What is USB Killer Attack?

Universal Serial Bus (USB) is the most convenient portable data storage device available today. But you should be careful with that cute looking USB drive. In addition to containing malware, USB can also act as a USB killer and damage your PC permanently.

How does USB killer work and what can you do to stop it?

What is USB Killer?

As the term suggests, a USB killer is a modified USB drive that can damage or destroy a device when you plug it into its USB port.

To achieve its goal, the USB killer continuously supplies a voltage spike (210 - 220V) to the connected device. Since USB ports are designed to handle only 5V, this repeated high voltage surge will damage the host device's electrical system and cannot be repaired.

The first USB killer is said to have been created by a Russian computer researcher working under the pseudonym "Dark Purple". And the idea behind its design was to test how well a digital device can withstand power surges.

However, computer manufacturers and penetration testers do not use USB killer for this purpose.

Instead, cybercriminals use the USB killer to damage the victim's computer. They can easily buy a USB killer for as low as $3.

Worse still, cybercriminals can easily modify a simple ionic air purifier to act like a USB killer.

How does USB killer work?

USB killer devices have multiple capacitors to save electrical energy. When you connect it to your computer, it draws power from the USB port to fill up its capacitors.

 

Once the USB killer device is fully powered, it will drain all power (200V or more) at once through the data lines of the same USB port. This would destroy the host device because the data pins are designed to handle a very small amount of voltage, just enough to send and receive signals.

Today, USB killer devices have evolved from simple plug-and-zap devices into powerful killer devices with enhanced functionality.

For example, cybercriminals can now buy USB killers with rechargeable batteries inside. Such a USB killer can destroy the host device even when it is turned off.

Some of today's advanced USB killer attack methods include:

1. Remote Trigger: Someone can initiate an attack via remote control.
2. Timing Attacks: Cybercriminals can schedule the date and time to trigger the attack.
3. Smartphone-enabled: One can manage attacks through an Android or Apple smartphone.

In addition, the attackers can easily obtain various adapters to destroy the device via display port, HDMI port, micro USB, etc.

An American alumnus of St. Rose destroyed 59 computers and 7 computer monitors using the USB Killer. His offense damaged equipment worth $51,109. And the time it takes to find and replace damaged equipment costs $7,362.

USB killers are sold commercially online, so people can get their hands on them quickly. So, take the necessary steps to protect your device from USB killer attacks.

Is it possible to detect a USB killer device?

 

Unfortunately, you cannot distinguish a regular USB drive from a USB killer just by looking at it. You have to open the USB box to make that decision. A typical USB killer has several capacitors to store power from the USB port.

If you want to judge if a USB drive is a USB Killer without opening its case, you will need a USB killer detector.

However, the USB you just found in your garage may have been left there on purpose to carry out a USB Drop Attack.

So don't plug an unknown USB drive into your computer even if the device detects USB killer eliminating the possibility that it is harmful.

How to protect against USB Killer attack

Here are some ways to protect your hardware from USB killer attacks.

Absolutely do not use unknown USB

Unknown USBs pose a serious security threat to businesses and individuals alike. However, people still plug in the USB they find at random.

Researchers from the University of Michigan, the University of Illinois Urbana-Champaign and Google distributed about 297 USB flash drives on the university campus. In the published results, they reported that 45% of the USB was picked up and opened.

So it's no surprise that cybercriminals use USB to carry out USB Drop Attrack and USB Killer attacks. And the best way to protect against these USB-related threats is to forbid your employees from opening USB drives of unknown origin.

Cover the USB ports with the USB cover

Licking physical USB ports is a low-tech solution to prevent USB killer attacks. This is the only way to prevent harmful USBs from being inserted into the device.

Employees who need to plug in a company USB device must notify IT and ask the IT administrator to remove the cover. When the USB port is not opened, the USB cover will be repositioned.

Although disabling USB ports does not prevent USB Killer attacks, it can be a good strategy to prevent other USB attacks. Here's how you can disable the USB port on your Windows PC:

 

1. Press Windows + X , and then click the Device Manager tab .
2. Double-click the Universal Serial Bus Controllers option to expand it.
3. Right click on the USB port to open the context menu. Then, click the Disable option.

Go to Device Manager > Universal Serial Bus Controller and right click on the USB port to open the context menu. Select the Enable option to re-enable the USB ports on your PC.

If you must leave the USB port open, use the Type C port, as it provides cryptographic authentication to ensure no power or inappropriate data is transferred to the device.

Apple's latest operating system automatically blocks new USB-C devices from communicating with the operating system until the user approves the device.

Train your staff

Your employees play the most important role in preventing the USB killer from damaging your PC.

So, regularly organize cybersecurity awareness training programs in your company. Make your employees understand how dangerous it is to plug unknown USB drives into company computers.

They should know about USB killer in disguise, such as ionic air purifiers. In addition, you can regularly test your employees' readiness to resist USB Killer by testing USB drives on company premises.