USB ports are fantastic, but they also open up your computer to a peculiar vulnerability: voltage. While a USB port is designed to handle just a few volts of electricity, a USB kill stick forces hundreds of volts into your computer, destroying all the sensitive electrical components inside.
How does it do this, and should you ever use one?
How Does a USB Kill Stick Work?
From the outside, a USB kill stick can look like any other USB thumb drive. Although, you can modify any USB device to act as a USB kill stick. USB ionic air purifiers are a common disguise for USB killers since an actual purifier has internal components that look similar to a USB killer.
Regardless of the exact form factor of the USB kill stick, they all work in the same fundamental way. When the device receives power from the USB port, it stores it in an electronic component known as a capacitor.
Capacitors are a common component you’ll find everywhere inside your computer. The primary job of a capacitor is to store electrical energy in an electric field. Think of it as a sort of storage tank. A small trickle of low-pressure water fills up the tank. You can then choose how quickly you want to empty the tank, including dumping it all at once as a high-pressure deluge.
That’s what happens in a USB killer. The capacitors fill up using the low-voltage USB standard and then push high voltage electricity back through the data pins of the same USB connection, destroying the computer. The data pins are designed to take only a tiny amount of power, just enough to send signals. So high-voltage power wreaks havoc and releases the Magic Smoke.
Next Generation USB Killers
USB kill sticks aren’t very complicated devices, but folks who market them are adding new features. Newer models have higher discharge amounts and now have special electronics that bypass USB-C or Lightning port security. These more recent connection standards have much more advanced power limit controls, so older USB kill sticks may not work on newer systems. The latest USB killers take care of that obstacle and also have more attack modes.
For example, you can use them against smartphones or use a time delay so that you can plug it in, walk away and have the device self-destruct later when you’re gone.
New USB kill sticks have internal batteries that destroy devices even when they are turned off. You can also get several adapters that allow you to destroy devices via HDMI, DisplayPort, MicroUSB, and more. Suffice to say that cutting-edge kill sticks are no joke.
Why Use a USB Killer?
The people who make USB killers claim they can test whether computer equipment is vulnerable to power surges. However, this doesn’t make much sense, given that no computer can withstand this “test.” As far as we can tell, USB killers are not used for this purpose by penetration testers.
The real reason to use a USB killer is to quickly and irrevocably destroy computer equipment. There are scenarios where you might want to do this yourself. For example, if you’re going to throw away an old computer but don’t want anyone to reuse it. However, a USB killer wouldn’t be a reliable way to destroy data, especially in the case of mechanical hard drives, where data can still be recovered from the drive by a specialist.
If you’re thinking of a way to destroy data permanently, have a look at tools that can permanently destroy your data. Not only will they permanently wipe the drive, but you can still reuse it.
How To Protect Yourself Against USB Killers
You will want to protect your computer from falling victim to a USB kill stick. As mentioned above, the latest generation of kill sticks makes short work of the newest safety measures within USB ports.
Therefore, the best protection is to prevent one of these devices from ever being inserted into your computer. That means the physical security around your computer has to be adequate. If people you don’t know can walk by and plug stuff into your computer while you’re away, that’s an invitation for trouble.
Keeping the computer away from unauthorized users is part of the defense, but it’s not enough. You also need to refrain from putting unknown USB devices into your computer. For example, if you find a USB drive lying around, don’t plug it into your computer because it may be both a planted USB killer or have malware on it. Leaving USB drives around is a tried and tested method for hackers to gain access to computer systems.
You could also consider using USB port blockers. However, as we noted above, new USB killers can use almost any port on the computer with the correct adapter. So if you want to lock down ports physically, it will have to be all of them.
Where To Buy USB Kill Sticks
We aren’t linking to any direct sites that sell these devices, but you don’t have to go trawling the Dark Web to find them. A simple web search will show you exactly where you can buy a USB kill stick.
We cannot recommend these since there’s no legitimate reason to buy any of these devices unless you explicitly protect against them and need test samples. For everyone else, steer clear.
The Consequences of Using a USB Killer
If you use a USB killer device on anything you don’t own yourself, you’re committing a serious crime. At the very least, you’re liable for property destruction and quite likely for other damages such as loss of data or productivity.
USB kill sticks are not toys; they are dangerous and destructive devices that can cause hundreds, thousands, or even millions in damage in the wrong hands.
Even if you have nefarious intentions, using a USB kill stick is incredibly risky for you! It means that you have to perform the attack physically.
We think it’s vital that every user knows about the existence of USB kill sticks, but we also strongly advise that you think twice before you ever consider purchasing or using one.