Page 1 of 1

USB Killer 2.0 - 220V

Posted: Thu Oct 15, 2015 7:12 pm
by Karl Klammer
Just stumbled upon this via Slashdot: http://www.net-security.org/secworld.php?id=18983
TLDR: USB stick drains 5V power from USB port in order to release a concentrated 220V burst back into the circuitry.

So, this particular attack could easily be circumvented by just disabling USB ports within the BIOS. (no power flowing - the killer stick won't be charged)
Disabling these ports seems to be a good idea anyway, considering the raise of DMA-based attacks like BadUSB and Firewires Inception.

As I know that Toughbooks tend to decouple ports from the mobo by means of daughterboards,
I cannot stop wondering if the cf19/31/u1 could survive with enabled USB / against a pre-charged killer stick.

What's your experience on electrical protection (fuses?) between mobo and daughterboards of fully rugged TBs?
Does the 461f emi/emp testing help in any way? (guess not)

BR,
Karl Klammer

Re: USB Killer 2.0 - 220V

Posted: Fri Oct 16, 2015 12:43 pm
by wyrm73
Another feature that makes me wonder right along with you is the fact that the USB ports on Toughbook have fuses. I think 220V would be able to arc regardless, but it would be an interesting experiment. And no, I am not volunteering any of mine to try it. :)

Re: USB Killer 2.0 - 220V

Posted: Fri Oct 16, 2015 1:20 pm
by ADOR
Now where can we buy one? lol

Re: USB Killer 2.0 - 220V

Posted: Fri Oct 16, 2015 3:12 pm
by wyrm73
And we have a volunteer... lol.

Re: USB Killer 2.0 - 220V

Posted: Fri Oct 16, 2015 5:56 pm
by ADOR
I am sure there is a Dell in the shed just waiting for this. I think I have a spare 73 board and a bios protected Mk1 74 that is stripped.

Re: USB Killer 2.0 - 220V

Posted: Fri Oct 16, 2015 6:44 pm
by Shawn
We will be waiting for the video...

Re: USB Killer 2.0 - 220V

Posted: Sat Oct 17, 2015 6:05 pm
by ADOR
Got to get it first, lmao, I see some diagrams, but that is it so far.

Re: USB Killer 2.0 - 220V

Posted: Sun Oct 25, 2015 3:32 am
by ares93
We just pour non conductive hot glue into the USB ports at work. Course, the bluetooth modules are still active and visible, so i have no idea what use it is to disable physical access but whatever.

Re: USB Killer 2.0 - 220V

Posted: Sun Oct 25, 2015 12:52 pm
by CliC
USB, unlike Firewire and Thunderbolt, doesn't do DMA (though that may have changed with version 3.1, I haven't checked). However, BadUSB was insidious nonetheless because it involved subverting the firmware in the microcontroller on the stick, making it unremovable and undetectable by the user. Since most peripherals nowadays have embedded 10-cent microcontrollers (SSDs, hard disks, USB sticks and memory cards, you name it), this is going to be an ongoing, serious problem.

A "taser" stick, though? Wow, that's just mean :)