USB 端口(USB ports)非常棒,但它们也会使您的计算机面临一个特殊的漏洞:电压。虽然USB端口设计为仅处理几伏特的电力,但USB杀毒棒会迫使数百伏特的电压进入您的计算机,从而破坏内部所有敏感的电子元件。
它是如何做到这一点的,你应该使用一个吗?
USB Kill Stick 如何工作?
从外观上看,USB杀毒棒可能看起来像任何其他USB拇指驱动器。虽然,您可以修改任何USB设备以充当USB杀毒棒。USB离子空气净化器是(USB)USB杀手的常见伪装,因为实际的净化器具有看起来类似于USB杀手的内部组件。
无论USB 杀伤(USB kill)棒的确切外形尺寸如何,它们都以相同的基本方式工作。当设备从USB端口接收电源时,它会将其存储在称为电容器(capacitor)的电子元件中。
电容器是您在计算机中随处可见的常见组件。电容器的主要工作是在电场中储存电能。把(Think)它想象成一种储存罐。一小滴低压水充满了水箱。然后,您可以选择清空水箱的速度,包括以高压洪水的形式一次性倾倒所有水箱。
这就是USB(USB)杀手中发生的事情。电容器使用低压USB标准填满,然后通过同一USB连接的数据引脚将高压电推回,从而损坏计算机。数据引脚设计为仅消耗少量功率,仅足以发送信号。于是高压电肆虐,释放出魔烟(Magic Smoke)。
下一代 USB 杀手
USB杀灭棒不是很复杂的设备,但销售它们的人正在添加新功能。较新的型号具有更高的放电量,并且现在具有绕过USB-C或闪电端口安全性的特殊电子设备。这些较新的连接标准具有更先进的功率限制控制,因此较旧的USB杀毒棒可能无法在较新的系统上运行。最新的USB杀手解决了这个障碍,并且有更多的攻击模式。
例如,您可以将它们用于智能手机或使用时间延迟,以便您可以将其插入、走开,并在您离开后让设备自毁。
新的 USB(New USB)杀戮棒有内置电池,即使在设备关闭时也会损坏设备。您还可以获得多个适配器,允许您通过HDMI、DisplayPort、MicroUSB等来销毁设备。可以说,尖端杀戮棒可不是开玩笑的。
为什么要使用 USB Killer?
制造 USB 杀手的人声称他们可以测试计算机设备是否容易受到电涌(power surges)的影响。然而,这并没有多大意义,因为没有计算机能够经受住这种“测试”。据我们所知,渗透测试人员不会为此目的使用USB杀手。(USB)
使用USB杀手的真正原因是快速且不可逆转地破坏计算机设备。在某些情况下,您可能希望自己执行此操作。例如,如果您打算扔掉一台旧电脑,但不希望任何人重复使用它。但是,USB杀手并不是破坏数据的可靠方法,尤其是在机械硬盘驱动器的情况下,专家仍然可以从驱动器中恢复数据。
如果您正在考虑永久销毁数据的方法,请查看可以永久销毁数据的工具(tools that can permanently destroy your data)。他们不仅会永久擦除驱动器,而且您仍然可以重复使用它。
如何保护自己免受 USB 杀手的侵害(Against USB Killers)
您需要保护您的计算机免于成为USB(USB)杀毒棒的受害者。如上所述,最新一代的杀毒棒使USB端口内最新的安全措施变得很短。
因此,最好的保护措施是防止将这些设备之一插入您的计算机。这意味着您计算机周围的物理安全性必须足够。如果您不认识的人可以在您离开时路过并将东西插入您的计算机,那就是麻烦的邀请。
使计算机远离未经授权的用户是防御的一部分,但这还不够。您还需要避免将未知的USB设备放入您的计算机。例如,如果您发现周围有一个USB驱动器,请不要将其插入您的计算机,因为它可能既是USB杀手,也可能带有恶意软件(have malware on it)。留下 USB 驱动器是黑客获取计算机系统访问权限的一种久经考验的方法。
您也可以考虑使用USB 端口拦截器(USB port blockers)。然而,正如我们上面提到的,新的USB杀手几乎可以使用计算机上的任何端口和正确的适配器。因此,如果您想在物理上锁定端口,则必须是所有端口。
哪里可以买到 USB 杀毒棒
我们没有链接到任何销售这些设备的直接网站,但您不必去暗网搜索(Dark Web)即可找到它们。一个简单的网络搜索会告诉你在哪里可以买到U(USB)盘。
我们不能推荐这些,因为没有正当理由购买任何这些设备,除非您明确保护它们并需要测试样品。对于其他所有人,请避开。
使用USB Killer的后果(USB Killer)
如果您在不属于您自己的任何东西上使用USB杀手设备,您将犯下严重罪行。(USB)至少,您要对财产损失负责,并且很可能要对其他损失负责,例如数据丢失或生产力损失。
USB杀毒棒不是玩具;它们是危险且具有破坏性的设备,如果落入坏人之手,可能会造成数百、数千甚至数百万的损失。
即使你有邪恶的意图,使用U(USB)盘对你来说也是非常危险的!这意味着您必须进行物理攻击。
我们认为每个用户都知道USB杀毒棒的存在至关重要,但我们也强烈建议您在考虑购买或使用 USB 杀毒棒之前三思而后行。
What Is a USB Kill Stick and Do You Need One?
USB ports are fantastic, but they also open up your computer to a peculiar vulnerability: voltage. While a USB port is designed to handle just a few volts of electricity, a USB kill stick forces hundreds of volts into your computer, destroying all the sensitive electrical components inside.
How does it do this, and should you ever use one?
How Does a USB Kill Stick Work?
From the outside, a USB kill stick can look like any other USB thumb drive. Although, you can modify any USB device to act as a USB kill stick. USB ionic air purifiers are a common disguise for USB killers since an actual purifier has internal components that look similar to a USB killer.
Regardless of the exact form factor of the USB kill stick, they all work in the same fundamental way. When the device receives power from the USB port, it stores it in an electronic component known as a capacitor.
Capacitors are a common component you’ll find everywhere inside your computer. The primary job of a capacitor is to store electrical energy in an electric field. Think of it as a sort of storage tank. A small trickle of low-pressure water fills up the tank. You can then choose how quickly you want to empty the tank, including dumping it all at once as a high-pressure deluge.
That’s what happens in a USB killer. The capacitors fill up using the low-voltage USB standard and then push high voltage electricity back through the data pins of the same USB connection, destroying the computer. The data pins are designed to take only a tiny amount of power, just enough to send signals. So high-voltage power wreaks havoc and releases the Magic Smoke.
Next Generation USB Killers
USB kill sticks aren’t very complicated devices, but folks who market them are adding new features. Newer models have higher discharge amounts and now have special electronics that bypass USB-C or Lightning port security. These more recent connection standards have much more advanced power limit controls, so older USB kill sticks may not work on newer systems. The latest USB killers take care of that obstacle and also have more attack modes.
For example, you can use them against smartphones or use a time delay so that you can plug it in, walk away and have the device self-destruct later when you’re gone.
New USB kill sticks have internal batteries that destroy devices even when they are turned off. You can also get several adapters that allow you to destroy devices via HDMI, DisplayPort, MicroUSB, and more. Suffice to say that cutting-edge kill sticks are no joke.
Why Use a USB Killer?
The people who make USB killers claim they can test whether computer equipment is vulnerable to power surges. However, this doesn’t make much sense, given that no computer can withstand this “test.” As far as we can tell, USB killers are not used for this purpose by penetration testers.
The real reason to use a USB killer is to quickly and irrevocably destroy computer equipment. There are scenarios where you might want to do this yourself. For example, if you’re going to throw away an old computer but don’t want anyone to reuse it. However, a USB killer wouldn’t be a reliable way to destroy data, especially in the case of mechanical hard drives, where data can still be recovered from the drive by a specialist.
If you’re thinking of a way to destroy data permanently, have a look at tools that can permanently destroy your data. Not only will they permanently wipe the drive, but you can still reuse it.
How To Protect Yourself Against USB Killers
You will want to protect your computer from falling victim to a USB kill stick. As mentioned above, the latest generation of kill sticks makes short work of the newest safety measures within USB ports.
Therefore, the best protection is to prevent one of these devices from ever being inserted into your computer. That means the physical security around your computer has to be adequate. If people you don’t know can walk by and plug stuff into your computer while you’re away, that’s an invitation for trouble.
Keeping the computer away from unauthorized users is part of the defense, but it’s not enough. You also need to refrain from putting unknown USB devices into your computer. For example, if you find a USB drive lying around, don’t plug it into your computer because it may be both a planted USB killer or have malware on it. Leaving USB drives around is a tried and tested method for hackers to gain access to computer systems.
You could also consider using USB port blockers. However, as we noted above, new USB killers can use almost any port on the computer with the correct adapter. So if you want to lock down ports physically, it will have to be all of them.
Where To Buy USB Kill Sticks
We aren’t linking to any direct sites that sell these devices, but you don’t have to go trawling the Dark Web to find them. A simple web search will show you exactly where you can buy a USB kill stick.
We cannot recommend these since there’s no legitimate reason to buy any of these devices unless you explicitly protect against them and need test samples. For everyone else, steer clear.
The Consequences of Using a USB Killer
If you use a USB killer device on anything you don’t own yourself, you’re committing a serious crime. At the very least, you’re liable for property destruction and quite likely for other damages such as loss of data or productivity.
USB kill sticks are not toys; they are dangerous and destructive devices that can cause hundreds, thousands, or even millions in damage in the wrong hands.
Even if you have nefarious intentions, using a USB kill stick is incredibly risky for you! It means that you have to perform the attack physically.
We think it’s vital that every user knows about the existence of USB kill sticks, but we also strongly advise that you think twice before you ever consider purchasing or using one.
