You know what it is like you are walking down the street and you spot a discarded USB stick lying on the floor. Now the good Samaritans among us may think about trying to return the USB stick back to its owner, and the nosey ones may want to see if there are any juicy photos or videos on it. But plugging in a USB stick you found into your computer could open you up to massive risks. Not only could the memory stick contain all manner of nasty viruses or malware there is a new threat which could completely destroy your computer in the form of a product from a Hong Kong company – USB Killer. The USB Kill looks like a standard USB memory stick but plugging this into your computer will fry the electronics in seconds. The device is actually marketed as a piece of diagnostic kit to test the surge protection of electronic devices by passing -200V of DC electricity down the USB port several times per second until either the device fails or the USB stick is removed. From the manufacturers own testing its usually the former as most devices fail the test and burn out. It’s not just PCs and laptops that the device can fry the manufacturer claims 95% of devices with a USB port are vulnerable, which is a large amount of modern tech including televisions, Blueray players, games consoles, HiFis and even industrial machinery and vending machines. USB Kill even supply adapter kits for micro USB and lightning connections for plugging the tester into smartphones and tablets.
The manufacturer produces the basic USB Kill tester kit for 13.95 euro which does not look like a regular USB stick and has the USBkiller branding and high voltage warning printed on it, so i think most people would be wary of plugging this into their USB port.
If you are willing to spend a bit more you can pick up the anonymous edition for 49.95 euro. This has no branding or warning and looks just like a regular USB stick. Now personally I cannot see any justification for buying the anonymous version other than to use it for unethical or illegal purposes. I am sure that the manufacturer has deliberately marketed it that way charging more and not having any label on it making it look like any USB stick. For a price of less than 50 euro it could be bought by a disgruntled employee to plugin to the computers at his place of work and brick the companies PCs causing distruption and financial cost to his employers. It could be posted to a former lover by a jilted ex-partner as an act of revenge to destroy their computer. An unscrupulous business could even send it to their competitors with a fake letter claiming to be some sort of firmware update for a vulnerable industrial machine potentially costing them thousands in lost orders and downtime.
The USB killer manufacturer claims that the tester has been created to highlight this vulnerability in USB devices. I feel that producing the anonymous USB killer version goes beyond that and is just irresponsible since so many electronic goods are vulnerable. Even if every electronic goods manufacturer were to protect against this in all their new items it would take many years before every device was updated or replaced. I know of businesses still using computing kit that is over 10 years old and they have no plans to replace it.
I think the best bit of advice we can all take from this is that if you find or are sent a USB stick that you weren’t expecting then DO NOT plug it into any of your devices.
Check out this video which shows the USB Killer being used on various devices such as laptops, phones, computers and T.Vs