USB Killer, a small device than can destroy virtually anything with a USB input, has resurfaced recently in its...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
third version, and it is freely available for around $50. How does USB Killer v3 work? What's the best defense for this kind of threat?
Sometimes, the information security industry neglects the importance of physical security and hardware security. Both are critical in order to secure systems and maintain security over time. Regardless of how secure the software is, if physical or hardware security is compromised, then the security of the software will eventually be compromised by a dedicated attacker, as well. Physical and hardware security deficiencies in commodity hardware are highlighted by the production of USB Killer v3.
The USB Killer v3 device uses a standard USB connection, and looks like an ordinary USB thumb drive, but it is designed to draw electrical charge from a host system when plugged in, until a potential of -200 volts of direct current has been stored. The USB Killer v3 then discharges the stored electricity into the target device. Depending on the design of the target, this could burn out the USB port or damage the device sufficiently to render it inoperable.
USB Killer v3 can be purchased without any branding to reduce suspicion. USB Kill, the company selling USB Killer, positions its product as a legitimate tool for use in penetration testing.
Enterprises looking for a security response to the USB Killer v3 may be forced to accept the risk. Replacing existing hardware with proper USB circuitry to protect against this attack could be as expensive as buying new hardware.
An enterprise's best defense may be to only use USB hubs for connecting untrusted USB devices, or to use a USB data cable. In the event a USB Killer is plugged in, the hub would be burned out, rather the main device.
The USB Killer manufacturer also offers a protection device to use when plugging in untrusted devices.
Read how the USBee software tool turns USB devices into covert channels
Learn how to protect air-gapped systems from USB Thief stealth malware
Find out more about the different USB connector types available
Dig Deeper on Data loss prevention technology
Related Q&A from Nick Lewis
The Fruitfly Mac malware has decades-old code, but has been conducting surveillance attacks for over two years without detection. Expert Nick Lewis ...continue reading
A Gmail phishing attack brought users to fake login pages designed to look like Google's. Expert Nick Lewis explains how users can prevent similar ...continue reading
A HummingBad malware variant, HummingWhale, was discovered being spread through 20 apps on the Google Play Store. Expert Nick Lewis explains the ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.