USB Killer, a small device than can destroy virtually anything with a USB input, has resurfaced recently in its...
third version, and it is freely available for around $50. How does USB Killer v3 work? What's the best defense for this kind of threat?
Sometimes, the information security industry neglects the importance of physical security and hardware security. Both are critical in order to secure systems and maintain security over time. Regardless of how secure the software is, if physical or hardware security is compromised, then the security of the software will eventually be compromised by a dedicated attacker, as well. Physical and hardware security deficiencies in commodity hardware are highlighted by the production of USB Killer v3.
The USB Killer v3 device uses a standard USB connection, and looks like an ordinary USB thumb drive, but it is designed to draw electrical charge from a host system when plugged in, until a potential of -200 volts of direct current has been stored. The USB Killer v3 then discharges the stored electricity into the target device. Depending on the design of the target, this could burn out the USB port or damage the device sufficiently to render it inoperable.
USB Killer v3 can be purchased without any branding to reduce suspicion. USB Kill, the company selling USB Killer, positions its product as a legitimate tool for use in penetration testing.
Enterprises looking for a security response to the USB Killer v3 may be forced to accept the risk. Replacing existing hardware with proper USB circuitry to protect against this attack could be as expensive as buying new hardware.
An enterprise's best defense may be to only use USB hubs for connecting untrusted USB devices, or to use a USB data cable. In the event a USB Killer is plugged in, the hub would be burned out, rather the main device.
The USB Killer manufacturer also offers a protection device to use when plugging in untrusted devices.
Read how the USBee software tool turns USB devices into covert channels
Learn how to protect air-gapped systems from USB Thief stealth malware
Find out more about the different USB connector types available
Related Q&A from Nick Lewis
A new remote access Trojan called UBoatRAT was found spreading via Google services and GitHub. Learn how spotting command-and-control systems can ... Continue Reading
CyberArk researchers created an attack called Golden SAML that uses Mimikatz techniques and applied it to a federated environment. Learn more about ... Continue Reading
The use of botnets to spread Scarab ransomware intensifies the threat for enterprises. Discover the best way to respond to such a threat and protect ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.