Don’t trust other people’s USB flash drives, they could fry your laptop

13 Mar 2015 | Author: | No comments yet »

Don’t trust other people’s USB flash drives, they could fry your laptop.

Have you ever heard stories about malicious USB thumb drives frying laptops and thought they were far fetched? If you’re a mischief-maker of a certain age, you’ll remember the idea of the floppy disk bomb, a specially engineered floppy disk that would supposedly melt inside an enemy’s drive.Security experts have been warning for years about the dangers of USB sticks as a conduit for malware, but a Russian researcher has bragged about coming up with a more direct method for borking a computer – with old-fashioned electricity. The idea is cunningly simple but fiendish, and reminds us of the Etherkiller: the researcher, nicknamed Dark Purple, broke up a standard USB stick, and installed an inverting DC-DC converter and some capacitors bought from a Chinese website. The “USB Killer” device was created by a do-it-yourself hardware enthusiast who described his project, complete with pictures and technical details, on a Russian blogging platform in February.

Perhaps unsurprisingly, though, the National Security Agency’s creations are just the tip of the iceberg when it comes to dongles with nefarious programming. An article about the bomb-drive—first posted on the Russian website Habrahabr by its designer, and then translated into English on Kukuruku Hub—describes its design and intended effect, fortunately without going into the details of how to make one. Thinking that the USB would have some essential data this thief inserted the USB flash in his laptop and within a matter of few minutes half laptop was totally burnt down. The idea, roughly, is to fill a standard-looking USB case with hardware that will pulse a high-voltage charge into a USB port and just fry everything nearby.

This continues until the capacitors are down to -7V, at which point the DC-DC converter is switched back on, and begins to charge the capacitor bank for the next cycle. The dongle, which the anonymous engineer has disguised as a thumb drive, cleverly circumvents the self-preservation mechanisms of USB ports by using a power converter and transistor. He is said to have related a weird story, from which he might have obtained inspiration to make his own “USB bomb”, that goes as follows: A man walking in the subway stole a USB flash drive from the outer pocket of someone else’s bag.

The power is then sent back into the USB interface via a transistor and the process is repeated in a loop. “The combination of high voltage and high current is enough to defeat the small TVS diodes on the bus lines and successfully fry some sensitive components—and often the CPU,” hardware hacking site Hackaday reports. “USB is typically integrated with the CPU in most modern laptops, which makes this attack very effective.” The creator of USB Killer, who uses the online alias Dark Purple, claims to work for a company that manufactures electronics and said that he ordered the custom printed circuit board and other components he needed for the project from China. Normally, shorting the power and ground circuits of a USB together will trigger a built-in protection against static electricity, but the dongle’s transistor is able to transfer voltage from built-in capacitors to avoid shutoff. Seems to be an unusual concept taken directly from a fiction movie and the idea can be used by some hackers to get a remote computer or Laptop burnt half down. Security researchers have long warned about the security risks of inserting other people’s USB drives into your PC, and even those from people you do trust.

But the device has the potential (no pun intended) to fry not only the USB port, but possibly other components on motherboards, and even the CPU itself. “I’m not going to talk to you about the application area, but a former colleague says that it’s like an atomic bomb: cool to have, but can not be applied,” Deep Purple said. Since he worked in a firm which manufactures electronics he had plenty of opportunity to built a personal Killer USB drive and even had a circuit ready for this concept. Once the caps are discharged, the supply fires back up and the cycle repeats until the computer is fried (typically as long as bus voltage is present).

Either way, folks in the comments are clamoring to buy one on Kickstarter, and I’m suddenly a little more wary to just go around jamming strange thumb drives in my ports. I‘ll explain to others that negative voltage is easier to commutate, as we need the N-channel field resistor, which, unlike the P-channel one, can have larger current for the same dimensions. Another such attack was demonstrated by a security firm in 2014 on an Apple’s Mac computer: temperature controls were manipulated and the computer was made to catch fire.

Here you can write a commentary on the recording "Don’t trust other people’s USB flash drives, they could fry your laptop".

* Required fields
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site