What Is a USB Killer Attack
- By Greg Brown
- May 15, 2023
From the beginning of the computer revolution, there has been a smorgasbord of devices and peripherals, with some DOA and others innovative and groundbreaking. Thumb drives, or USB flash drives, were created in the early 80s, with the first commercially available drive holding 128 MB. Cutting-edge USB drives of today hold 20 terabytes and up.
Unfortunately, cunning hackers consider anything electronic fair game. Thumb drives represent an easy way for attackers to access a network. When the drive is plugged in, a download begins, delivering malware code designed to devastate various computer systems. Unwitting users insert the drive if it arrives in the mail unannounced or appears on their desk. This attack starts the same way as an email phishing assault.
USBKILL V.4 is a USB drive laden with capacitors. The drive is modified to send a 210-220 volt electrical surge to a data line, overpowering any electronic device. Some USBKILL devices can stay unplugged for up to 200 days and still deliver a significant charge. The USB Killer V4 has evolved from a simple plug-in-and-zap device to a dangerous thumb drive with a remote trigger.
What is the Point of USBKill?
USBKill V.4 is used for stress testing hardware. Power is taken from the USB port when the device is plugged in. A single or continuous pulse is then discharged into the data lines. The discharge will disable or fry an unprotected device.
USB stress testing is used by law enforcement, industrial clients, and hardware manufacturers. There are three versions of the industrial USB Killer.
- Classic is the original USB device with V4 added for stability.
- A basic edition carries an internal battery and is used for offline attacks.
- The professional version is wireless, remote, and smartphone-controlled.
Companies manufacturing the device have significant safeguards to keep the USBKILL out of dangerous hands. However, nothing will stand in their way if a hacker truly wants an industrial-strength USBKILL.
Governments, industrial clients, and wealthy individuals who control sensitive data might use a USBKILL drive as a kill switch. If a USBKILL is installed on a network or computer system and it comes under attack, owners can remotely trigger the device into action.
How to Use USBKILL V.4?
The PRO version of a USBKILL V.4 device has multiple trigger and delivery modes. The device can send a single pulse with five separate discharges through the USB port, or a continuous pulse that does not stop until told to do so.
Each USBKILL device has one or several trigger modes configured through an Android or iOS app.
- A remote trigger is a single or continuous attack with a range of 100m.
- Smartphone triggers are sophisticated attack vectors giving hackers complete control.
- Time attacks can be scheduled through a smartphone app for up to 200 days or more.
- Classic triggers are activated as soon as the device is plugged in.
What Is a USB Killer Attack?
Malicious USBKILL devices are designed to obliterate a connected device, not save the data. The USBKILL software is available from GitHub if you want to destroy your computer.
Large, well-organized global hacking groups have used infected USB drives for some time. Drives are purchased for pennies, infected, and sent out to unsuspecting people. The FBI has warned of hackers sending out poisonous USB drives, targeting large corporations, government infrastructure, and more. Hacking groups Qlocker and Blackmatter use USB drives for ransomware operations, extorting millions.
How Hackers Use BadUSB Attacks?
BadUSB attacks exploit inherent flaws in a USB stick’s firmware. The attack rewrites the firmware code and tells it to act as a human interface device. Once overwritten, the USB drive is used as a keyboard with hackers in charge. The thumb drive can be told to run malicious programs in the background.
Karsten Nohl, a German cryptographer, says, “These problems can’t be patched. We’re exploiting the very way that USB is designed.”
The USB microcontroller tells the drive to identify what it is plugged into. Once that information is obtained, the hacker reverse engineers the device to insert the malicious code. Hackers use automated keystrokes in PowerShell commands to gain access and deploy ransomware attacks.
The FBI has again warned public companies that dangerous USB sticks branded LilyGo have been mailed out to defense, industrial, and insurance industries. Drives were configured to register as a keyboard.
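The behaviour described above, a drive that registers as a keyboard, is visible to the host at enumeration time. The following is an added example, not code from the original article: a Python check that walks a Linux sysfs-style USB tree and flags any device exposing a HID keyboard interface that is not on an approved list. The allowlist, the sample vendor and product IDs, and the constructed directory tree are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

HID, MASS_STORAGE = 0x03, 0x08  # USB base class codes
KEYBOARD = 0x01                 # HID bInterfaceProtocol value for a keyboard

def attr(path, name):
    return (path / name).read_text().strip()  # e.g. bInterfaceClass -> '03'

def scan(root, approved=frozenset()):
    """Flag devices exposing a HID keyboard interface in a sysfs-style tree.
    root mirrors /sys/bus/usb/devices (device dir '1-2', interface dir
    '1-2:1.0'). approved is a hypothetical allowlist of (idVendor, idProduct)."""
    root, findings = Path(root), []
    for dev in sorted(root.iterdir()):
        if ":" in dev.name or not (dev / "idVendor").exists():
            continue  # skip interface dirs and anything without device IDs
        ident = (attr(dev, "idVendor"), attr(dev, "idProduct"))
        classes, keyboard = set(), False
        for intf in root.glob(dev.name + ":*"):
            cls = int(attr(intf, "bInterfaceClass"), 16)
            classes.add(cls)
            if cls == HID and int(attr(intf, "bInterfaceProtocol"), 16) == KEYBOARD:
                keyboard = True
        if keyboard and ident not in approved:
            reason = ("storage device that also types" if MASS_STORAGE in classes
                      else "keyboard not on the allowlist")
            findings.append((dev.name, ident, reason))
    return findings

def build_sample(root):
    """Write a constructed tree: approved keyboard, plain stick, rogue stick."""
    devices = {"1-1": ("1111", "0001", [("03", "01")]),
               "1-2": ("2222", "0002", [("08", "50")]),
               "1-3": ("3333", "0003", [("08", "50"), ("03", "01")])}
    for name, (vid, pid, intfs) in devices.items():
        files = {f"{name}/idVendor": vid, f"{name}/idProduct": pid}
        for i, (cls, proto) in enumerate(intfs):
            files[f"{name}:1.{i}/bInterfaceClass"] = cls
            files[f"{name}:1.{i}/bInterfaceProtocol"] = proto
        for rel, value in files.items():
            (root / rel).parent.mkdir(exist_ok=True)
            (root / rel).write_text(value + "\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(Path(tmp))
        print(scan(tmp, approved={("1111", "0001")}))
```

On a real Linux host the same function can be pointed at /sys/bus/usb/devices. It addresses only the keyboard-emulation case, not a USB Killer, which causes damage electrically and never needs to enumerate.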
Several attack tools are downloaded with the LilyGo USB device. Tools include the BlackMatter ransomware strain and the REvil ransomware-as-a-service mechanism. BlackMatter is the rebrand of the DarkSide ransomware gang.
DarkSide lays claim to the ransomware attack on the Colonial Pipeline, one of the largest in the US. No concrete details are available on the attack vector, with most speculating it was an unpatched system vulnerability. The attack began with either a phishing email or probably a USBKILL V.4 device.
Building an effective yet crude USB Kill device is simple, only needing a FET (field-effect transistor), high-voltage caps, a DC/DC converter, and a USB connector. This type of USB drive is designed only to destroy a computer and nothing else.
USB Killer drives can be disguised as air ionizers or fans and can easily fool unwitting users. The power of a USB Kill device is in its simplicity and ability to inflict massive damage. As stated earlier, the device is not malware or sophisticated equipment, just a USB drive that delivers a sudden high-voltage charge to the USB port.
How to Protect Yourself from USB Killer Attack?
Combating a USBKILL device takes low-tech solutions. Group policies, software protection, and end-point management procedures do not work. Anyone with a workable USBKill drive can plug it into a port and destroy a computer.
The easiest way is to cap the USB drive, the only physical means to stop the device. The inconvenient truth is that capping all the drives prohibits the normal and legitimate use of a thumb drive. Another infinitely unpopular way to deter a person from inserting the device is to disable all USB ports.
This is a warning; never, ever insert an unknown USB thumb drive into your computer!