Implementing NIST 800-171 to Manage & Measure Cybersecurity Efforts Read more
It sounds like the premise for a bad horror movie, but it’s not. The USB Kill Drive can reportedly fry an entire laptop or PC utilizing some kind of “worse-than-ransomware” nightmare program. It’s also known colloquially as a “kill stick,” and there are verified reports of this malicious USB drive being able to kill any PC or device it’s plugged into in a matter of seconds. Killing the innards, that is, not literally melting it down. ZDNet is even reporting that you can buy a USB PC killer “for just a few bucks” (actually, more like $50). Nice. And who is selling this computer-destroying USB drive, you might ask? Well, apparently a Hong Kong company named USBKILL.com developed it, announcing their new product in an August 16 press release on their website.
So, why on Earth would anyone outside of the most malicious hacker stoop to create something like this? Well, it appears the aforementioned maker of the device created it to demonstrate how hopelessly vulnerable “public facing USB port[s]” are to malicious attacks – such as the one they created, ironically. They name copy machines and even airline entertainment systems in their report on this apparently universal security flaw. They also cite electrical attacks as being a possible culprit, along with the hacker and his “kill stick,” or, presumably, a similarly-developed device.
To quote from the USBKILL.com press release:
“Hardware designers/testers of public machines: photo booths, copy machines, airline entertainment systems, ticket terminals, etc. with exposed USB ports should ensure that their systems resist electrical attacks via the USB port. Likewise, hardware designers of private machines: cellphones, laptops, televisions, portable devices should protect their devices against malicious attacks.
Penetration Testers and security auditors should include the USB kill 2.0 to their arsenal of testing tools.”
The USB kill devices are currently selling for 49,95 €, or around £42.00, or $56.00 on the USBKILL website. But, one must wonder, are they comprehensively tracing the sales of these things, like weapons? They are offering it as part of a kit called USB Killer Protection Shield, which allows for the testing of USB vulnerability to occur on the device without the actual results of destroying a PC’s innards taking place.
Interestingly, the only hardware to date that has resisted the USB Kill 2.0 device has been the new-generation MacBooks, which “optically isolate the data lines on the USB ports,” according to the USBKILL press release. Is all of this just an advertisement for MacBooks? Will it end up giving malicious hackers the bad idea that the USBKILL people were attempting to prevent in the first place? Hopefully, the sale of these kill drives will only make it into the hands of well-meaning and responsible IT diagnosticians, and not those of evil hackers.