2015-10-17

"USB Killer" Hype

This week, there was lots of fuss about the latest generation of "USB Killer" hype. I won't link to any articles. The device looks like a USB flash drive but overvolts and reportedly bricks computers. It was announced back in March. The "2.0" version was announced recently, and the hype is back.

Here's my take:

Since the chances of running into one of these in the wild are virtually nil, I think the real lessons here are not to leave your computer unattended, and not to let strangers plug things into your computer. These are more useful security measures than refusal to plug in a stray USB stick.  These actions also defend against more attacks (e.g. evil maid, Thunderstrike, data extraction and others, not to mention outright theft of the computer.)

There are only a few extant devices in a "thumb drive" form-factor that are engineered to fry the logic board of whatever you plug it into. The people who have these devices (those who made them) probably won't leave them laying around. I know I wouldn't. They're expensive to build and re-usable. If I were up to no good, I'd want to be the one to plug it into something. Then, I'd take it out and move to the next target.

Until this class of device sees commercial availability, we all have much more nefarious things to be concerned about. In that case, prying the case off of a suspicious USB device might not be a bad idea. You wouldn't see a bank of large surface-mount capacitors taking up most of the space in a real flash drive.