USB Killer, a small device than can destroy virtually anything with a USB input, has resurfaced recently in its...
third version, and it is freely available for around $50. How does USB Killer v3 work? What's the best defense for this kind of threat?
Sometimes, the information security industry neglects the importance of physical security and hardware security. Both are critical in order to secure systems and maintain security over time. Regardless of how secure the software is, if physical or hardware security is compromised, then the security of the software will eventually be compromised by a dedicated attacker, as well. Physical and hardware security deficiencies in commodity hardware are highlighted by the production of USB Killer v3.
The USB Killer v3 device uses a standard USB connection, and looks like an ordinary USB thumb drive, but it is designed to draw electrical charge from a host system when plugged in, until a potential of -200 volts of direct current has been stored. The USB Killer v3 then discharges the stored electricity into the target device. Depending on the design of the target, this could burn out the USB port or damage the device sufficiently to render it inoperable.
USB Killer v3 can be purchased without any branding to reduce suspicion. USB Kill, the company selling USB Killer, positions its product as a legitimate tool for use in penetration testing.
Enterprises looking for a security response to the USB Killer v3 may be forced to accept the risk. Replacing existing hardware with proper USB circuitry to protect against this attack could be as expensive as buying new hardware.
An enterprise's best defense may be to only use USB hubs for connecting untrusted USB devices, or to use a USB data cable. In the event a USB Killer is plugged in, the hub would be burned out, rather the main device.
The USB Killer manufacturer also offers a protection device to use when plugging in untrusted devices.
Read how the USBee software tool turns USB devices into covert channels
Learn how to protect air-gapped systems from USB Thief stealth malware
Find out more about the different USB connector types available
Dig Deeper on Data loss prevention technology
Related Q&A from Nick Lewis
Researchers developed aIR-Jumper, an exploit that leverages lights within security cameras to extract data. Learn how this attack works and how to ...continue reading
The com.google.provision virus reportedly targets Android users, but little is known about it. Nick Lewis discusses the mystery threat and how Common...continue reading
A bug in Microsoft's Internet Explorer update exposes information that users enter into the browser's address bar. Learn more about the bug and URL ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.