A commercial device known as USB Killer 2.0 allegedly has the ability to fry a number of electrical devices by sending an electrical charge to a public-facing USB port.

According to USBKill.com, a company based in Hong Kong that designed the device, USB Killer 2.0 works by collecting power from the USB power lines (5V, 1 - 3A) until it reaches ~ -240V. It then begins discharging its stored voltage multiple times per second.

The recharge/discharge cycle lasts as long as USB Killer 2.0 is connected to a USB port. Indeed, it will continue until it can't discharge any longer, that is, when the device has damaged its host's circuitry.

The demonstration video seems to speak for itself:

We already knew USBs could help bad actors compromise air-gapped computers. Even so, this device takes USB-based attacks to a whole knew level.

In a series of tests against laptops and other devices with USB ports, the creators of USB Killer 2.0 found that 95 percent of devices were vulnerable to being "damaged permanently or completely destroyed by a USB power surge attack." The only product that withstood USB Killer 2.0 was the latest MacBook model because it optically isolates the data lines on USB ports.

Such an overwhelming success rate makes the device's developers hopeful that pentesters and other security researchers will use USB Killer 2.0 to enhance the security of other electrical products:

"Any public facing USB port should be considered an attack vector. In data security, these ports are often locked down to prevent exfiltration of data, or infiltration of malware, but are very often unprotected against electrical attack!

"Hardware designers/testers of public machines: photo booths, copy machines, airline entertainment systems, ticket terminals, etc ­ with exposed USB ports should ensure that their systems resist electrical attacks via the USB port. Likewise, hardware designers of private machines: cellphones, laptops, televisions, portable devices ­should protect their devices against malicious attacks."

USB Killer 2.0 is on backorder as of this writing. You can pre-order your device for a little more than 56 USD.


Related Articles:

USBHarpoon Is a BadUSB Attack with A Twist