Frågor och Svar med tillverkarna USB Kill

Frågor och svar med USB Kill, utvecklarna av USB Killer. OBS! Alla frågor och svar är på engelska och endast redigerade för lättare förståelse.

We can see some motherboards in the Wiki at USB Kill that have been tested and is not damaged by USB Killer 2. Do you know why they manage to survive this test?

USB Kill: There is a component specifically designed to prevent power spikes: The opto-coupler / opto-isolator (https://en.wikipedia.org/wiki/Opto-isolator)Essentially, it’s a component that converts the signal data into light, and then has a light-sensitive receiver on the other side, so there is actually an air-gap between the ’public’ side of the system, and the ’secure’ side of the system.

These have a lot of industrial applications, and can protect up to 11kV. They also come in all shapes and sizes, ranging from SMD size to big, with price ranges from 5c upwards.

The MacBook / iMac protection found on all 2015 + models uses opto-isolators. It’s a very economic, very simple solution – and is part of the reason why the USB Killer was release publicly.

Under standard ’responsible disclosure’ ethics, one is expected to wait until a solution is available and implemented before releasing a POC – this is exactly what we did.

From that point, it’s manufacturer choice if they protect their customer’s investment or not.

Quite a few of our readers is wondering how to protect themself during a LAN Party like DreamHack when not at their computer. Can you give them a couple of advices on how to minimize the risk of being exposed of an attack?

USB Kill: As it’s a LAN gathering, and most people will have towers, I would simply disconnect the USB cable from inside the case, or disconnect the data-lines (so the USB power would still run).

Will a Type-C USB Killer kill a phone completely or only its charging port as it seem to do know with most type-c adaptors?

USB Kill: The problem with most adaptors is that the adaptors themselves have electronics in them – which are the first to fail, which is why we’ve been developing and testing our own.

If the adaptors survive, it seems a common theme in phones is that the USB port / charging module itself dies, condeming the phone to a slow death. We’ve had a few reports on the wiki about this.

We managed to completely kill an iPhone 5C last week (the 5C uses a lightning port). We’ll be testing the iPhone 7 as soon as it arrives, and a few of the latest generation USB-C devices as well.

A lot of people have been pretty upset about USB Killers existance and mean that the device it self just have caused a problematic situation that wouldnt have existed otherwise. Can you please give us/readers a comment about that?

USB Kill: We firmly believe we adhered to industry standard rules of responsible disclosure in releasing the USB Killer.

As noted, we waited not only 1 year after the initial disclosure, but also for a leading manufacturer (Apple) to implement the fix into its systems. Furthermore, as a solution is readily and cheaply available, the only conclusion we can draw from the lack of industry-wide adoption is laziness or lack of respect for customer investment.

We’ve seen a spate of physical device POCs recently – the Chrysler remote control exploit via the CAN-BUS systems notably. Without the public disclosure, the issue would have probably never been addressed.

Finally – the general public are not powerless. It has been repeated over and over: Do not plug in untrusted devices. Physically protect your systems – treat your hardware and systems with the respect they deserve.

Video: Vi försöker döda Microsoft Surface med USB Killer 2.0

Innehåll

4
Leave a Reply

Please Login to comment
2 Comment threads
2 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
3 Comment authors
Anton KarmehedEverest159 Recent comment authors
  Subscribe  
senaste äldsta flest röster
Notifiera vid
Medlem

Har inte ASUS Z89 ESD-guards som ska skydda mot just överspänning till komponenter?

Everest159
Medlem
Everest159

Jag tror normalt överspänningsskydd är typ esd skydd, ofta ett till ett par tusen volt men denna usbkiller har betydligt högre ström vilket få kretsar klarar.
Att placera optokopplare som standard ser jag som överflödigt om man inte räknar med sabotage (eller kopplar in prototyp utrustning som inte är ordentligt skyddat).
Som nämnts i artikeln så klarar dem flesta moderkort kortslutning, det räcker långt.
Men usb killer kanske säljer optok med?