Just that basic description is enough of a start to any real electronic engineer.
Forget viruses: Evil USB drive 'fries laptops with a power surge'
Security experts have been warning for years about the dangers of USB sticks as a conduit for malware, but a Russian researcher has bragged about coming up with a more direct method for borking a computer – with old-fashioned electricity. The idea is cunningly simple but fiendish, and reminds us of the Etherkiller: the …
COMMENTS
-
-
-
Friday 13th March 2015 01:16 GMT Anonymous Prime
RICH, CHUNKY VOLTS
>>Didn't BOFH do this many years back? Except with a Laptop full of batteries?
From "The Bastard Goes to the Trade Show":
"The 31 hefty nicad batteries that make up almost the entire inside of my 'laptop' pour grunt into a tripling inverter which in turn supplies RICH, CHUNKY VOLTS to alternate pins on the 'SCSI' bus, whilst emitting a dull 'uuurk' sound."
I'm still waiting for the opportunity to use the phrase "RICH, CHUNKY VOLTS" somewhere in my life. This doesn't count.
-
Saturday 14th March 2015 10:47 GMT RobHib
@Adam Foxton -- Re: A salt and battery -- JUST BEGINNERS!
Ever had a piece of electronic gear that's been returned under warranty many times and the intermittent fault still remains, and whatever you do you can't get the service company to (a) believe you and (b) actually fix the problem?
Solution: Just stick the PWA/circuit board in the microwave and problem solved. Next time it's returned, they'll either fix the gear properly or replace it. Fixing the gear properly means completely replacing the offending PWA.
NOW, BEGINNERS DON'T RUSH OFF!
You have to know what you are doing or you'll brick it in such a way that you won't be able to take advantage of your warranty. If you don't know what you are doing don't do it. And worse, if your Mrs catches you there'll be hell to pay. You'll be blamed forever and a day about the smelly microwave tainting the food (it's nonsense of course unless you're stupid and overdo it).
1. First, calibrate your microwave on some known old disposable circuit board.
2. About 3-4 seconds of microwave energy is all you need. Any more and you'll blow the ICs to smithereens, the cases will explode and little craters will appear in the tops of the ICs near the Si chips. Such damage is even evident to room-temperature IQ types, they won't usually blame you but they'll say lightening struck it and won't honour the warranty.
3. Done properly, the PWA will show absolutely no signs of damage whatsoever but the majority of the ICs will be totally stuffed internally—the professional term for such damage is BER (Beyond Economic Repair).
4. Never put a whole laptop in microwave, it's possible the damage to the electronics could short the battery (we don't want any loud bangs, now do we?) Also, the screen will go motley and be obvious.
5. The quickest way to brick a laptop without being obvious is to expose the circuit board/PWA and run a wide metal contact down the CPU support chips with the power still on (you're very unlikely to blow the battery because on-board fuses and safety stuff in the battery will stop excess currents. It's often best to get a techie to do it, he'll know how to do it without marking the solder pads (thus leaving traces).
(In the past, I've had to do this legitimately to get rid of old corporate laptops.)
6. There's much more, but that's secret!
REMEMBER. DO NOT DELIBERATELY SCREW UP EQUIPMENT BELONGING TO OTHERS! (THERE ARE MANY RULES ABOUT IT.)
-
-
-
Friday 13th March 2015 23:17 GMT John Brown (no body)
"15 year old me would have had a field day with this, no school computer would have been safe!"
A bit of silver foil shoved into a USB port shorting out the pins is enough to stop a PC booting. I'm not sure if it can permanently harm it, but in this one case the PC was working again once we identified the cause and removed the offending conductive material from the socket.
-
-
Saturday 14th March 2015 18:01 GMT BillG
Just that basic description is enough of a start to any real electronic engineer.
That's what I was thinking. You've got small SMPS chips today that don't need an external inductor, and high density supercapacitors that can fit inside a medium to large USB stick.
There's plenty of you software developers out there but it's us hardware engineers that keep the real secrets.
-
-
Thursday 12th March 2015 22:18 GMT MrDamage
BOFH Potential?
Instead of frying the USB circuitry, perhaps it could be modified to fry the user as they attempt to unplug the device.
Simon and the PFY would have some fun with these no doubt. Introducing a whole new generation of users to the thrilling kiss of the cattleprod, without even having to be in the same room.
-
-
-
Thursday 4th June 2015 09:19 GMT Anonymous Coward
Once I had a compact camera that was left with us a "not worth repairing due to visible sand" being fairly technically minded I thought it was a shame to chuck this branded device so I carefully dissembled it to try clean it. At some point my hand fell across the flash circuit and my arm involuantarily straightened in a trully impressive way throwing the camera with such force against the far wall that it exploded in a hail of bits. Part funny part painful, good lesson on the residual danger of chunky capacitors and devices that have not been powered up recently.
-
-
-
-
Friday 13th March 2015 00:40 GMT David Pollard
Maybe this is something of a scare story intended to put people off using the anonymous USB letterboxes that have been appearing of late.
http://gizmodo.com/5677377/theres-a-usb-stick-in-my-brick-wall
Presumably we will soon see connectors with diodes and fuses appearing as an appropriate accessory.
-
Friday 13th March 2015 00:52 GMT Robert Helpmann??
Like Unicorns and Fairies
I have heard over and over not to put untrusted USB drives in my computer and have heard all sorts of anecdotal examples of "this guy did it and it led to ruination and woe." I have yet to come across a USB stick left next to my car in the parking lot or been given one at a trade show. Stuxnet aside, does this ever actually happen? I deal with malware and a variety of attacks often enough, but never this sort of thing. Are such attacks more prevalent elsewhere or is this simply a threat that gets more attention because it sounds cool to do?
-
Friday 13th March 2015 10:42 GMT Simon Harris
Re: Like Unicorns and Fairies
"I have yet to come across a USB stick ...or been given one at a trade show."
You must have been going to the wrong trade shows - at the ones I've been to they give them away like smarties. They tend to be the 1 or 2GByte varieties and are usually filled with company brochures and suchlike. I've had some in the shape of little robots, bones and joint replacements in the past.
-
Tuesday 17th March 2015 17:58 GMT Michael Wojcik
Re: Like Unicorns and Fairies
You must have been going to the wrong trade shows - at the ones I've been to they give them away like smarties.
Needn't be a trade show, either. I've gotten them at the Computers & Writing and Modern Language Association conventions, for that matter. For a while it was pretty common for people to give away software and book samples on branded USB sticks, since they're cheap swag, and people will take them because they're (slightly) useful.
Got one from the ACM, too. In fact, I think I've only ever purchased one USB flash drive myself; the rest were all gifts. (From reputable sources, and I check them with an unprivileged account on a scratch machine before plugging them into anything with real data. Always mount a scratch monkey.)
-
-
Friday 13th March 2015 01:04 GMT Wombling_Free
I don't think you need a circuit diagram for that.
I'm currently (haha geddit?) building a Nixie clock, and that little demon doesn't look terribly difficult to recreate. It doesn't even need a USB interface chip, it would just get in the way.
As for plugging in unknown USB sticks, that's what my work desktop is for. I'm sure our my employer's AV software will deal with it. It does keep warning me that the last AV update was in 2009 (I wish I was joking) but I am sure our outsourced IT dept is hitting all their KPIs.
-
Friday 13th March 2015 08:37 GMT Neil Barnes
Re: I don't think you need a circuit diagram for that.
+1 for the Nixie clock; I'm currently looking for some ZM1210 tubes and Ask Jan doesn't appear to have them.
I like the negative supply, so everything is reverse biased. I have to go to great lengths in the day job to stop USB serial adaptors cheerfully powering the system through the chip protection diodes...
-
-
Friday 13th March 2015 01:14 GMT Herby
Things a bit out of order...
If this were "done right", the blasting of the USB port would take place AFTER injection of the STUXNET virus. Wait for it to be injected, THEN blast away after a nice time interval. You want to remove blame for the injection.
Yes, there is a BOFH sequence here somewhere.
Note to self: Always open up an unknown USB thumb drive before inserting.
-
Friday 13th March 2015 01:40 GMT Spaceman Spiff
Capacitors - caveat observer!
My father, a well-known physicist, once showed me the power of capacitors, and to NEVER point a screwdriver or other pointy metallic object at the big ones! His research equipment had a lot of really big caps, and after grounding himself properly (I was a lad of 12 or so at the time), from 5 or 6 feet away from the gear, pointed a screwdriver at the fully charged capacitors - ZAP! A 6 foot lightning bolt surged from the caps to the screwdriver! I don't know how many watts it was, but if he hadn't taken the proper precautions, he would have been toast!
That was a lesson I have never forgotten.
-
Friday 13th March 2015 09:50 GMT DropBear
Re: Capacitors - caveat observer!
Too bad it's the wrong lesson then. According to this helpful little chart (and any number of other ones), even a THREE feet long spark would require over half a million volts (yes, that's with needle electrodes), and by the looks of it, a 5-6 feet one would take about twice that. Let's be honest - at those kinds of voltages the fact that capacitors may or may not be involved in the circuit is the LEAST of your problems. One does also wonder what sort of distance those magic capacitors would have needed to have between their own terminals to avoid simply shorting themselves out, seeing as how according to the same chart even spherical points are not THAT far below - this is not a Leyden jar but a Leyden bathtub we're talking about. What exactly was your father charging, the bloody Wardenclyffe tower?!?
-
Friday 13th March 2015 10:37 GMT Simon Harris
Re: Capacitors - caveat observer!
I don't imagine that it's unlikely for a physics researcher to have experiments needing at least a MVolt. A quick google for "high voltage research" or "ultra high voltage research" will yield plenty of examples.
One possible scenario would be for there to be a fairly large number of capacitors, charged in parallel, each to a somewhat lower voltage (hence you don't need a huge gap between terminals of individual capacitors) and then switched into series, so the voltages in each are added together to something big.
-
Friday 13th March 2015 13:09 GMT phuzz
Re: Capacitors - caveat observer!
I do remember my old physics teacher telling us a bout a capacitor that he had built out of two rolls of tin foil and a sheet of plastic as the dialectric. He built this thing, and tested it a few times and then put it away in a drawer and forgot about it.
Over time, it some how charged up via convection, so next time he went searching in the drawer ZZZZAAAAPP!
I keep meaning to build one myself.
-
-
-
-
-
Friday 13th March 2015 10:19 GMT Dave 126
Re: Optional
I've done something similar -I plugged a 19v laptop power brick into a 12v external HDD. Oops.
I recovered the data by snipping off a TVS diode from the HDD's PCB, and was able to recover all the data.
The 19v adaptor got slung in the bin.
For anyone who has done the same: http://community.wd.com/t5/Desktop-Mobile-Drives/HDD-TVS-diode-FAQ/td-p/250274
-
-
-
Friday 13th March 2015 04:27 GMT Mike 16
Prior Art
I recall a response to the lockout chip that Nintendo added when exporting the Famicom as the Nintendo Entertainment system. In theory, the base units would only play cartridges made by Nintendo. All other software providers still had to have the carts made by Nintendo. Payment (months) in advance, and if you made a game that might compete with theirs, there might be an unfortunate delay in delivery, missing the holiday gift season.
Legit game companies could do nothing but bend over and smile, but pirates simply added a little circuit like this USB-killer to fry the lockout chip.
-
Friday 13th March 2015 04:53 GMT Kevin McMurtrie
Meh
Zapping the data lines won't propagate beyond the USB port. A nastier trick would be drawing some to charge the capacitor bank then returning it at extremely high positive voltage. There's an excellent chance of there being a strong diode path allowing the surge to backflow into a common 5V power rail. PTC protectors used for secondary protection are too slow to stop this.
-
-
Friday 13th March 2015 10:53 GMT Simon Harris
"Mains lead, USB plug. Simple."
A rewired laptop 'brick' power supply might be an easier root to blow up someone's computer - and easier to socially engineer if you're going to go the mains lead route, particularly if you know your mark's computer and can just surreptitiously swap PSUs when they're not looking.
If course, if it's a new Macbook, the PSU is a USB device so your idea's not far off the mark!
-
Friday 13th March 2015 09:25 GMT Anonymous Coward
RE. Re. Meh
Hate to say it but we independently invented this at work nearly two years ago.
Never tested it but the upshot was that by modifying an old laptop inverter with the piezo transformer it was possible to make a USB thumbdrive with a timer and 1000uF tantalums (allowing someone to plant it in the back and run) that would essentially nuke the machine it was connected to yet work perfectly as a pendrive until the timer ran out or better still target a given machine so it would cripple something important and not some bean counter's b0xen.
Worked out that with this not only would it fry the port but likely result in the power supply exploding due to HV jumping from the +5V and/or data lines to other sensitive parts on the board thus causing a SMPS feedback decoupling event resulting in a KaF4Ck!ngBOOM of Biblical proportions and likely destroying not only that machine but everything connected to it for good measure like an itty bitty lightning strike.
For added evilness the device would if the machine was rebooted with it connected dump and infect the BIOS with malware and if it was able also dump the FAT and MBR of the target drive to its internal memory for later analysis.
We called this little beauty "Thor's Hammer" :-)