Plugging in random USB sticks in your computer has never been more dangerous, as a researcher who goes by the name Dark Purple has demonstrated his new device: USB Killer 2.0.
When plugged into a computer, the deadly USB draws power from the device itself. With the help of a voltage converter the device’s capacitors are charged to 220V, and it releases a negative electric surge into the USB port.
This surge “fries” the USB port and, in the researcher’s demonstration, the motherboard – perhaps not always after the first surge, but the malicious USB device repeats the process until no more power can be drawn.
He noted that it’s unlikely that the hard disk and the information on it was damaged.
“In my experience and testing, most systems have the USB 5v supply isolated from other supplies so the hard drive, cpu, memory and other components will still work, but the mainboard and itself is not going to boot again without replacing the PCH, power regulation, and several supporting components,” Joe Fitzpatrick, consultant and researcher at SecuringHardware.com, commented on Ars Technica’s site.
“Some newer platforms have the CPU and PCH in a single chip, I expect that the whole chip would be fried in that case. My reading of USBKiller 2.0 is that the -220V is applied to the USB data pins. This results in just the USB controller, again likely just the PCH, getting fried. It is less likely to harm the other components in the system.”
The attack is not limited to computers, Dark Purple says. The device is able to incapacitate almost any equipment equipped with USB Host interface – phones, routers, modems, TVs, etc.
“The design for a USBkiller is pretty simple for anyone familiar with power regulation circuitry, there’s no doubt in my mind that it’s doable. But it’s probably a good thing no design details have been published,” concluded Fitzpatrick.
Dark Purple was also the creator of the first iteration of USB Killer, which pumped 110 volts into the target devices.