Tuesday, March 7, 2017

USB Killers - Hardware and Software options to destroy your data (or devices)


Every new computer, whether running Linux or not, has some type of Universal Serial Bus (USB) connector. Most electronics now come with a USB connection of some type from TVs to cars. The time has arrived to worry about what device is being placed into these connectors or even being taken out.

There are two types of problems to be dealt with in this scenario. The first is to protect your hardware and the second is to protect your data with software.

Before we start, let's look at the USB system overall.

The USB hardware started in 1996 and began at a speed around 1.5 Mbps (megabytes per second), whereas today the speed is over 10 Gbps (gigabytes per second). The current estimate is that there are around 15 billion USB devices in the world making a USB device a very common item. The main aspects of USB which make it so convenient are the following:

  • Single connector type: USB replaces all the different legacy connectors with one well-defined, standardized USB connector for all USB peripheral devices. Thus eliminating the need for different cables and connectors and simplifying the design of the USB devices. The single connector type allows all USB devices to be connected directly to a standard USB port on a computer.
  • Hot-swappable: USB devices can be added and removed while the computer is running.

  • Low-cost implementation: The USB devices are managed by the USB Host which is implemented in the PC, phone, etc. The USB devices do not require a controller built-in so the cost is minimized for USB devices.

  • Plug and Play: Operating Systems (OS) identifies, configures, and loads the appropriate device driver when a USB device is connected.

  • High performance: USB offers a variety of speeds which are increasing with each update of the USB hardware.

  • Expandability: In theory, up to 127 different devices may be connected to a single bus.

  • Bus supplied power: The USB controller supplies power to all connected devices so there is no need for external power to be supplied if the device is low-powered. High-powered devices may still require an external power source.

  • Easy to use for end user: A single standard connector simplifies the usage of the USB device.
NOTE: For a detailed listing of USB devices and hubs on your Linux system, use the command from a terminal “lsusb -v”.

The USB Host is the main component of the USB system. The Host is usually the PC in to which the USB devices are plugged. The USB Host Controller Interface (HCI) is where the Hardware communicates with the Software.

The USB system works as a Master/Slave unit, usually termed Bus Mastering. The USB Host is the Master and controls the Slave (periphery devices) setting up a communication protocol between the Host and all devices. Each Host may have one or more Host Controllers which has a port or multiple ports attached to it. The port or ports on a single Host Controller of the USB Hub called the Root Hub. From these ports, devices and hubs may be attached to create USB Bus. All devices on the USB Bus are a Slave to the Host Controller of the Root Hub, which is the Master. Two devices on the same USB Bus can only communicate directly with each other through a USB Bridge.

USB connections consist of four connection points. These points allow for power and data connections. For USB 1.0, a pin provides 5V DC power while another pin provides the return of the power to complete the circuit. USB 3.0 on the other hand provides 20 volts, 5 amps, and 100 watts through the power connection. Keep in mind the power being sent through these ports!

To give a little more information, the amps used determines how fast the power can travel through the lines. A higher amperage can allow your phone to charge faster. For example, to use a 1 amp charger on your phone may require an hour to fully charge it. If you were to use a 2 amp charger, then your phone may only take half of an hour.

The Hardware option:

Let's look at the hardware first, the USB Kill. The USB Kill device looks like a regular USB Thumb Drive. It contains a capacitor, which is used to store power. The capacitor is charged to -200V DC. Once charged, the capacitor releases the stored voltage into the USB Port. The voltage may then travel into all parts of the device destroying components along the way until the voltage is dissipated. The capacitor is charged again and releases the burst of power into the system again. This process can occur numerous times in a single second. In a PC, the motherboard can be damaged in three seconds or less.

NOTE: USB Kill 1.0 can take up to 5 seconds to cause system damage.

What this means is that any hardware which has a USB port can be destroyed with the USB Kill device. Hardware can include PCs, laptops, televisions, phones, etc. The discharge of the voltage is similar to a voltage overload or a static burst such as a nearby lightning strike. Some devices have built-in protection against such power spikes, but some may not to the extent of -200V.

Everyone should be wary of using devices which may be found or ones others may try to place into your USB Port.

The USB Kill Device can be used over and over on many pieces of hardware.

NOTE: Please do not use the device maliciously if you should happen to have one.

A USB Killer Shield can be used to protect your hardware from being destroyed by a USB Kill device. A USB Killer Shield has two connectors, one is male and the other female. The male connector is plugged into the hardware and any USB device can be plugged into the female connector. By using the shield, you are protected from a USB Kill device.

NOTE: One final piece of information is that Apple devices seem to have a built-in protection from such a device so as not to allow the hardware device to be damaged.

The Software option:

For software, there is the USB Kill program. The script is more for your protection of your data. Keep all folders and files encrypted on your hard drive. Use the USBKill script from https://github.com/hephaest0s/usbkill. Once you have it on your system, run it with the command “sudo python usbkill.py” or “sudo python3 usbkill.py”. Make sure you have a USB drive in the USB Port. You can connect the drive to your wrist with a strap. If someone swipes your laptop the USB thumb drive will be removed. Once the script detects that the USB Port has had activity, then a special script will run as you have configured. The laptop could be powered off so no one can get back on it without the password. Before the laptop powers off, all data could be deleted, etc. The configuration can also specify USB Drives which will not set off the script when attached or removed.

The ability of the script is:

  • Compatible with Linux, *BSD and OS X
  • Shutdown the computer when there is USB activity
  • Customizable. Define which commands should be executed just before shut down
  • Ability to whitelist a USB device
  • Ability to change the check interval (default: 250ms)
  • Ability to melt the program on shut down
  • RAM and swap wiping
  • Works with sleep mode (OS X)
  • No dependency except secure-delete if you want usbkill to delete files/folders for you or if you want to wipe RAM or swap. sudo apt-get install secure-delete
  • Sensible defaults
The USB Kill script can help safeguard your data from theft or your hardware from unwanted use to prevent someone from copying the data off your system.

Be aware that the USB ports are useful and convenient, but they can pose a risk to your hardware and data. Keep your hardware and data safe as much as possible.

No comments:

Post a Comment