USB sticks have long been a mechanism for delivering malware to unsuspecting computer users. A booby-trapped flash drive, for example, was the means by which the US and Israel reportedly contaminated Iran’s Natanz uranium enrichment facility with the Stuxnet worm. And, in case anybody thought USB stick attacks had lost their novelty, last year’s Bad USB proof-of-concept exploit delivered a highly programmable attack platform that can’t be detected by today’s defenses.
Now, a researcher who goes by the identify Dark Purple has created a USB stick that completely destroys a lot of the computer’s actual hardware circuits, rendering the machine little more than an expensive doorstop. Within a couple of seconds after being plugged in, the USB stick delivers a negative 220-volt electrical surge into the USB port. 😯 Negative because usually most chips inside a computer have over-voltage or surge protection for positive voltages. As the video below demonstrates, that is sufficient to permanently damage the IBM’s Thinkpad Laptop receiving the shock.
As you can see, the USB stick seems like a regular thumb drive, and there aren’t any outward indicators it is malicious. However the USB Killer 2.0, as its creator calls it, takes computer attacks on a much less-traveled highway that results in physical destruction. Based on this post from The Daily Mail, an earlier and less powerful model of the USB device drew power from USB ports utilizing a DC-to-DC converter until it reached negative one hundred volts. At that point, the power was directed into the pc. The process ran on a loop till the circuitry failed. It is very likely that Version 2.0 works in a similar fashion.