Frågor och Svar med tillverkarna USB Kill

Frågor och svar med USB Kill, utvecklarna av USB Killer. OBS! Alla frågor och svar är på engelska och endast redigerade för lättare förståelse.

We can see some motherboards in the Wiki at USB Kill that have been tested and is not damaged by USB Killer 2. Do you know why they manage to survive this test?

USB Kill: There is a component specifically designed to prevent power spikes: The opto-coupler / opto-isolator (https://en.wikipedia.org/wiki/Opto-isolator)Essentially, it’s a component that converts the signal data into light, and then has a light-sensitive receiver on the other side, so there is actually an air-gap between the ‘public’ side of the system, and the ‘secure’ side of the system.

These have a lot of industrial applications, and can protect up to 11kV. They also come in all shapes and sizes, ranging from SMD size to big, with price ranges from 5c upwards.

The MacBook / iMac protection found on all 2015 + models uses opto-isolators. It’s a very economic, very simple solution – and is part of the reason why the USB Killer was release publicly.

Under standard ‘responsible disclosure’ ethics, one is expected to wait until a solution is available and implemented before releasing a POC – this is exactly what we did.

From that point, it’s manufacturer choice if they protect their customer’s investment or not.

Quite a few of our readers is wondering how to protect themself during a LAN Party like DreamHack when not at their computer. Can you give them a couple of advices on how to minimize the risk of being exposed of an attack?

USB Kill: As it’s a LAN gathering, and most people will have towers, I would simply disconnect the USB cable from inside the case, or disconnect the data-lines (so the USB power would still run).

Will a Type-C USB Killer kill a phone completely or only its charging port as it seem to do know with most type-c adaptors?

USB Kill: The problem with most adaptors is that the adaptors themselves have electronics in them – which are the first to fail, which is why we’ve been developing and testing our own.

If the adaptors survive, it seems a common theme in phones is that the USB port / charging module itself dies, condeming the phone to a slow death. We’ve had a few reports on the wiki about this.

We managed to completely kill an iPhone 5C last week (the 5C uses a lightning port). We’ll be testing the iPhone 7 as soon as it arrives, and a few of the latest generation USB-C devices as well.

A lot of people have been pretty upset about USB Killers existance and mean that the device it self just have caused a problematic situation that wouldnt have existed otherwise. Can you please give us/readers a comment about that?

USB Kill: We firmly believe we adhered to industry standard rules of responsible disclosure in releasing the USB Killer.

As noted, we waited not only 1 year after the initial disclosure, but also for a leading manufacturer (Apple) to implement the fix into its systems. Furthermore, as a solution is readily and cheaply available, the only conclusion we can draw from the lack of industry-wide adoption is laziness or lack of respect for customer investment.

We’ve seen a spate of physical device POCs recently – the Chrysler remote control exploit via the CAN-BUS systems notably. Without the public disclosure, the issue would have probably never been addressed.

Finally – the general public are not powerless. It has been repeated over and over: Do not plug in untrusted devices. Physically protect your systems – treat your hardware and systems with the respect they deserve.

Video: Vi försöker döda Microsoft Surface med USB Killer 2.0

Contents

Subscribe
Notifiera vid
4 Comments
äldsta
senaste flest röster
Inline Feedbacks
View all comments
7 Årtal sedan

Har inte ASUS Z89 ESD-guards som ska skydda mot just överspänning till komponenter?

7 Årtal sedan
Reply to  Anton Karmehed

Är svårt att kolla utan fullständigt moderkortsnamn, men vid en kontroll på deras hemsida på Z87’or nämns ESD-guards på de olika moderkorten iaf. 🙂

Var mer en tanke om det kan påverka. 🙂

Everest159
7 Årtal sedan

Jag tror normalt överspänningsskydd är typ esd skydd, ofta ett till ett par tusen volt men denna usbkiller har betydligt högre ström vilket få kretsar klarar.
Att placera optokopplare som standard ser jag som överflödigt om man inte räknar med sabotage (eller kopplar in prototyp utrustning som inte är ordentligt skyddat).
Som nämnts i artikeln så klarar dem flesta moderkort kortslutning, det räcker långt.
Men usb killer kanske säljer optok med?