back to article Forget viruses: Evil USB drive 'fries laptops with a power surge'

Security experts have been warning for years about the dangers of USB sticks as a conduit for malware, but a Russian researcher has bragged about coming up with a more direct method for borking a computer – with old-fashioned electricity. The idea is cunningly simple but fiendish, and reminds us of the Etherkiller: the …

Page:

  1. Anonymous Coward
    Anonymous Coward

    Just that basic description is enough of a start to any real electronic engineer.

    1. Adam Foxton
      Happy

      A salt and battery

      What Electronic Engineer worth their salt hasn't already though of doing this, far past that basic description?

      Didn't BOFH do this many years back? Except with a Laptop full of batteries?

      1. Anonymous Prime
        Flame

        RICH, CHUNKY VOLTS

        >>Didn't BOFH do this many years back? Except with a Laptop full of batteries?

        From "The Bastard Goes to the Trade Show":

        "The 31 hefty nicad batteries that make up almost the entire inside of my 'laptop' pour grunt into a tripling inverter which in turn supplies RICH, CHUNKY VOLTS to alternate pins on the 'SCSI' bus, whilst emitting a dull 'uuurk' sound."

        I'm still waiting for the opportunity to use the phrase "RICH, CHUNKY VOLTS" somewhere in my life. This doesn't count.

      2. RobHib
        Devil

        @Adam Foxton -- Re: A salt and battery -- JUST BEGINNERS!

        Ever had a piece of electronic gear that's been returned under warranty many times and the intermittent fault still remains, and whatever you do you can't get the service company to (a) believe you and (b) actually fix the problem?

        Solution: Just stick the PWA/circuit board in the microwave and problem solved. Next time it's returned, they'll either fix the gear properly or replace it. Fixing the gear properly means completely replacing the offending PWA.

        NOW, BEGINNERS DON'T RUSH OFF!

        You have to know what you are doing or you'll brick it in such a way that you won't be able to take advantage of your warranty. If you don't know what you are doing don't do it. And worse, if your Mrs catches you there'll be hell to pay. You'll be blamed forever and a day about the smelly microwave tainting the food (it's nonsense of course unless you're stupid and overdo it).

        1. First, calibrate your microwave on some known old disposable circuit board.

        2. About 3-4 seconds of microwave energy is all you need. Any more and you'll blow the ICs to smithereens, the cases will explode and little craters will appear in the tops of the ICs near the Si chips. Such damage is even evident to room-temperature IQ types, they won't usually blame you but they'll say lightening struck it and won't honour the warranty.

        3. Done properly, the PWA will show absolutely no signs of damage whatsoever but the majority of the ICs will be totally stuffed internally—the professional term for such damage is BER (Beyond Economic Repair).

        4. Never put a whole laptop in microwave, it's possible the damage to the electronics could short the battery (we don't want any loud bangs, now do we?) Also, the screen will go motley and be obvious.

        5. The quickest way to brick a laptop without being obvious is to expose the circuit board/PWA and run a wide metal contact down the CPU support chips with the power still on (you're very unlikely to blow the battery because on-board fuses and safety stuff in the battery will stop excess currents. It's often best to get a techie to do it, he'll know how to do it without marking the solder pads (thus leaving traces).

        (In the past, I've had to do this legitimately to get rid of old corporate laptops.)

        6. There's much more, but that's secret!

        REMEMBER. DO NOT DELIBERATELY SCREW UP EQUIPMENT BELONGING TO OTHERS! (THERE ARE MANY RULES ABOUT IT.)

    2. Irongut

      Yup even the picture was enough to make me say "oh he's put a load of capacitors in it... I know how this works" and I was right. 15 year old me would have had a field day with this, no school computer would have been safe!

      1. John Brown (no body) Silver badge

        "15 year old me would have had a field day with this, no school computer would have been safe!"

        A bit of silver foil shoved into a USB port shorting out the pins is enough to stop a PC booting. I'm not sure if it can permanently harm it, but in this one case the PC was working again once we identified the cause and removed the offending conductive material from the socket.

    3. BillG
      Black Helicopters

      Just that basic description is enough of a start to any real electronic engineer.

      That's what I was thinking. You've got small SMPS chips today that don't need an external inductor, and high density supercapacitors that can fit inside a medium to large USB stick.

      There's plenty of you software developers out there but it's us hardware engineers that keep the real secrets.

  2. MrDamage Silver badge

    BOFH Potential?

    Instead of frying the USB circuitry, perhaps it could be modified to fry the user as they attempt to unplug the device.

    Simon and the PFY would have some fun with these no doubt. Introducing a whole new generation of users to the thrilling kiss of the cattleprod, without even having to be in the same room.

    1. Anonymous Coward
      Anonymous Coward

      Re: BOFH Potential?

      Wouldn't that take all of the fun out of it?

      1. MrDamage Silver badge

        Re: BOFH Potential?

        Not really.

        I would think it's adding some more fun into the equation. Nothing quite like lulling the user into a false sense of security, thinking the weilder of the dreaded cattle prod is across the road in the pub, when suddenly.....FZZZZZZZZT!

  3. Anonymous Coward
    Anonymous Coward

    does it still function as a usb device?

    Or does it work, ha ha, in less than 5seconds?

  4. Tromos
    Joke

    -110V?

    Is there a -230V version for the UK/EU market?

    1. harmjschoonhoven
      Devil

      Re: -110V?

      A Tesla-coil? 7kV AC out, for a starter.

  5. Mage Silver badge
    Mushroom

    You can fit a 600V flash gun electronics in a WD passport box. With its own pair of alkaline AA cells.

    1000uF charged to 600V is a bit more severe than 8uF @ 110V

    just sayin'

    Not sure if devil icon, flames, troll, coat or nuke icon.

    1. FrankAlphaXII

      >>Not sure if devil icon, flames, troll, coat or nuke icon.

      All of the above? It sounds like it would be fun (to watch) anyway.

      1. Anonymous Coward
        Anonymous Coward

        Once I had a compact camera that was left with us a "not worth repairing due to visible sand" being fairly technically minded I thought it was a shame to chuck this branded device so I carefully dissembled it to try clean it. At some point my hand fell across the flash circuit and my arm involuantarily straightened in a trully impressive way throwing the camera with such force against the far wall that it exploded in a hail of bits. Part funny part painful, good lesson on the residual danger of chunky capacitors and devices that have not been powered up recently.

  6. Anonymous Coward
    Trollface

    Hooo ha ha ha ho ho ho

    Joker worms his way into the batcave, sticks a USB dongle into the batputer

    Batputer fries Joker to a crisp.

    "Ho ho this, clown"

    Because, well, Batman.

  7. E 2

    FFS. Using high voltage to "attack" computer is hardlly worthy of note and boost convertors are a dime a dozen in bulk. Must be a slow new day.

  8. Simon Harris

    Other USB devices could contain larger capacitors.

    The Mouse That Roared, perhaps?

  9. goldcd

    I appreciate the high voltage warning

    he's printed onto the board. Heath and Safety is *always* important

  10. David Pollard

    Maybe this is something of a scare story intended to put people off using the anonymous USB letterboxes that have been appearing of late.

    http://gizmodo.com/5677377/theres-a-usb-stick-in-my-brick-wall

    Presumably we will soon see connectors with diodes and fuses appearing as an appropriate accessory.

    1. wayne 8

      USB in the wall, equivalent of a glory hole or bath house.

      Nothing like the anonymous exchange of bits to spread a virus.

      1. Joe Harrison

        Re: USB in the wall, equivalent of a glory hole or bath house.

        New York must be a safe and orderly place; round here the youf would bash em off the wall before the cement was dry.

  11. Robert Helpmann??
    Childcatcher

    Like Unicorns and Fairies

    I have heard over and over not to put untrusted USB drives in my computer and have heard all sorts of anecdotal examples of "this guy did it and it led to ruination and woe." I have yet to come across a USB stick left next to my car in the parking lot or been given one at a trade show. Stuxnet aside, does this ever actually happen? I deal with malware and a variety of attacks often enough, but never this sort of thing. Are such attacks more prevalent elsewhere or is this simply a threat that gets more attention because it sounds cool to do?

    1. herman

      Re: Like Unicorns and Fairies

      It is like pins in halloween candy. Feasible, but so improbable, it never actually happened.

    2. Simon Harris

      Re: Like Unicorns and Fairies

      "I have yet to come across a USB stick ...or been given one at a trade show."

      You must have been going to the wrong trade shows - at the ones I've been to they give them away like smarties. They tend to be the 1 or 2GByte varieties and are usually filled with company brochures and suchlike. I've had some in the shape of little robots, bones and joint replacements in the past.

      1. Michael Wojcik Silver badge

        Re: Like Unicorns and Fairies

        You must have been going to the wrong trade shows - at the ones I've been to they give them away like smarties.

        Needn't be a trade show, either. I've gotten them at the Computers & Writing and Modern Language Association conventions, for that matter. For a while it was pretty common for people to give away software and book samples on branded USB sticks, since they're cheap swag, and people will take them because they're (slightly) useful.

        Got one from the ACM, too. In fact, I think I've only ever purchased one USB flash drive myself; the rest were all gifts. (From reputable sources, and I check them with an unprivileged account on a scratch machine before plugging them into anything with real data. Always mount a scratch monkey.)

  12. Wombling_Free

    I don't think you need a circuit diagram for that.

    I'm currently (haha geddit?) building a Nixie clock, and that little demon doesn't look terribly difficult to recreate. It doesn't even need a USB interface chip, it would just get in the way.

    As for plugging in unknown USB sticks, that's what my work desktop is for. I'm sure our my employer's AV software will deal with it. It does keep warning me that the last AV update was in 2009 (I wish I was joking) but I am sure our outsourced IT dept is hitting all their KPIs.

    1. Neil Barnes Silver badge

      Re: I don't think you need a circuit diagram for that.

      +1 for the Nixie clock; I'm currently looking for some ZM1210 tubes and Ask Jan doesn't appear to have them.

      I like the negative supply, so everything is reverse biased. I have to go to great lengths in the day job to stop USB serial adaptors cheerfully powering the system through the chip protection diodes...

  13. Herby

    Things a bit out of order...

    If this were "done right", the blasting of the USB port would take place AFTER injection of the STUXNET virus. Wait for it to be injected, THEN blast away after a nice time interval. You want to remove blame for the injection.

    Yes, there is a BOFH sequence here somewhere.

    Note to self: Always open up an unknown USB thumb drive before inserting.

    1. Neil Barnes Silver badge
      WTF?

      Re: Things a bit out of order...

      And be very wary of one that just 'happens' to have metal plates on either side...

  14. Spaceman Spiff

    Capacitors - caveat observer!

    My father, a well-known physicist, once showed me the power of capacitors, and to NEVER point a screwdriver or other pointy metallic object at the big ones! His research equipment had a lot of really big caps, and after grounding himself properly (I was a lad of 12 or so at the time), from 5 or 6 feet away from the gear, pointed a screwdriver at the fully charged capacitors - ZAP! A 6 foot lightning bolt surged from the caps to the screwdriver! I don't know how many watts it was, but if he hadn't taken the proper precautions, he would have been toast!

    That was a lesson I have never forgotten.

    1. DropBear
      Mushroom

      Re: Capacitors - caveat observer!

      Too bad it's the wrong lesson then. According to this helpful little chart (and any number of other ones), even a THREE feet long spark would require over half a million volts (yes, that's with needle electrodes), and by the looks of it, a 5-6 feet one would take about twice that. Let's be honest - at those kinds of voltages the fact that capacitors may or may not be involved in the circuit is the LEAST of your problems. One does also wonder what sort of distance those magic capacitors would have needed to have between their own terminals to avoid simply shorting themselves out, seeing as how according to the same chart even spherical points are not THAT far below - this is not a Leyden jar but a Leyden bathtub we're talking about. What exactly was your father charging, the bloody Wardenclyffe tower?!?

      1. Simon Harris

        Re: Capacitors - caveat observer!

        I don't imagine that it's unlikely for a physics researcher to have experiments needing at least a MVolt. A quick google for "high voltage research" or "ultra high voltage research" will yield plenty of examples.

        One possible scenario would be for there to be a fairly large number of capacitors, charged in parallel, each to a somewhat lower voltage (hence you don't need a huge gap between terminals of individual capacitors) and then switched into series, so the voltages in each are added together to something big.

      2. phuzz Silver badge
        Headmaster

        Re: Capacitors - caveat observer!

        I do remember my old physics teacher telling us a bout a capacitor that he had built out of two rolls of tin foil and a sheet of plastic as the dialectric. He built this thing, and tested it a few times and then put it away in a drawer and forgot about it.

        Over time, it some how charged up via convection, so next time he went searching in the drawer ZZZZAAAAPP!

        I keep meaning to build one myself.

        1. E 2

          Re: Capacitors - caveat observer!

          Oh, BS. Charged by convection. I can't believe nobody called you on this already.

          1. John Brown (no body) Silver badge

            Re: Capacitors - caveat observer!

            He meant induction. It was an early iCapacitor. His teacher later invented the iChargePad, couldn't think of a use for and just threw it in a drawer since he'd not invented the iPad yet.

      3. ilmari

        Re: Capacitors - caveat observer!

        Also, grounding yourself seems like the last thing you'd want to do.

        1. Pookietoo

          Re: the last thing you'd want to do.

          Grounding the screwdriver, OTOH, would seem advisable.

  15. Anonymous Coward
    Anonymous Coward

    Optional

    I have killed a laptop in similar circumstances.

    USB hubs come with a range of chargers, some are 5V and some are 12V. When you do a computer move sometimes these chargers get mixed up. Apparently the DC ends are identical as well. Needless to say once

    1. Anonymous Coward
      Anonymous Coward

      Re: Optional

      First thing with any new device - label it and its psu with a piece of white or yellow electrical tape and an indelible CD marker pen. The same with home routers etc that do not contain personal data - write all the relevant access settings on a label on the bottom.

      1. Dave 126 Silver badge

        Re: Optional

        I've done something similar -I plugged a 19v laptop power brick into a 12v external HDD. Oops.

        I recovered the data by snipping off a TVS diode from the HDD's PCB, and was able to recover all the data.

        The 19v adaptor got slung in the bin.

        For anyone who has done the same: http://community.wd.com/t5/Desktop-Mobile-Drives/HDD-TVS-diode-FAQ/td-p/250274

  16. Mike 16

    Prior Art

    I recall a response to the lockout chip that Nintendo added when exporting the Famicom as the Nintendo Entertainment system. In theory, the base units would only play cartridges made by Nintendo. All other software providers still had to have the carts made by Nintendo. Payment (months) in advance, and if you made a game that might compete with theirs, there might be an unfortunate delay in delivery, missing the holiday gift season.

    Legit game companies could do nothing but bend over and smile, but pirates simply added a little circuit like this USB-killer to fry the lockout chip.

  17. Kevin McMurtrie Silver badge
    Mushroom

    Meh

    Zapping the data lines won't propagate beyond the USB port. A nastier trick would be drawing some to charge the capacitor bank then returning it at extremely high positive voltage. There's an excellent chance of there being a strong diode path allowing the surge to backflow into a common 5V power rail. PTC protectors used for secondary protection are too slow to stop this.

    1. SolidSquid

      Re: Meh

      According to the original article it's actually able to get past the USB port and fry other components, potentially including the CPU

  18. Anonymous Coward
    Anonymous Coward

    Mains lead, USB plug. Simple.

    1. Dave 126 Silver badge

      That'd be a little harder to 'socially engineer', though!

    2. Simon Harris

      "Mains lead, USB plug. Simple."

      A rewired laptop 'brick' power supply might be an easier root to blow up someone's computer - and easier to socially engineer if you're going to go the mains lead route, particularly if you know your mark's computer and can just surreptitiously swap PSUs when they're not looking.

      If course, if it's a new Macbook, the PSU is a USB device so your idea's not far off the mark!

  19. Anonymous Coward
    Anonymous Coward

    RE. Re. Meh

    Hate to say it but we independently invented this at work nearly two years ago.

    Never tested it but the upshot was that by modifying an old laptop inverter with the piezo transformer it was possible to make a USB thumbdrive with a timer and 1000uF tantalums (allowing someone to plant it in the back and run) that would essentially nuke the machine it was connected to yet work perfectly as a pendrive until the timer ran out or better still target a given machine so it would cripple something important and not some bean counter's b0xen.

    Worked out that with this not only would it fry the port but likely result in the power supply exploding due to HV jumping from the +5V and/or data lines to other sensitive parts on the board thus causing a SMPS feedback decoupling event resulting in a KaF4Ck!ngBOOM of Biblical proportions and likely destroying not only that machine but everything connected to it for good measure like an itty bitty lightning strike.

    For added evilness the device would if the machine was rebooted with it connected dump and infect the BIOS with malware and if it was able also dump the FAT and MBR of the target drive to its internal memory for later analysis.

    We called this little beauty "Thor's Hammer" :-)

    1. I Am Spartacus
      Pint

      Re: RE. Re. Meh

      Kudos. Have a pint on me.

      Where can I send my order?

Page:

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like