The USB Killer exploits a vulnerability manufacturers haven’t bothered fixing.
Whatever you do, don’t mistake this USB stick for the one holding your Powerpoint.When plugged into any device, The USB Killer, released earlier this summer, rapidly draws power from the hardware, then returns that power in an overloading burst. According to the makers, this “instantly and permanently disables unprotected hardware.” Potential targets include not just PCs, but TVs, copy machines—anything with a USB port.
The device, marketed as a testing tool for administrators looking to protect their systems, sells for 49.95 Euros, or around $56 dollars. Demand has apparently been high, with the manufacturers reporting backorders.
Despite the obvious nefarious potential for the tool, its public release at least appears well-intentioned. The USB Killer was developed by a security hardware team based in Hong Kong, who first publicized the vulnerability it targets over a year ago, and developed an early prototype.
But the team was deeply frustrated to see manufacturers take little action on closing the vulnerability. According to the team, Apple is to date the only manufacturer that protects their devices against this so-called USB surge attack.
“Despite adequate warning, and time to respond,” the USB Killer team writes, “the majority of consumer-level hardware manufacturers choose not to protect their customer’s devices. We are disheartened by this lack of respect for customers.”
Raising awareness of the hardware vulnerability, they say, will motivate manufacturers to act—just as is the case with software vulnerabilities.
On their site, the manufacturers are clear that those outside of the security profession should only kill “their own devices.” For those who are the victim of malicious use of the device, they recommend “pursuing the individual responsible, or reporting the act to the appropriate authorities.”
“This vulnerability has been in the wild for years,” they add, suggesting that the bad guys would be able to blow up your laptop with or without the USB Killer.
0 Comments:
Post a Comment