A USB Killer is a device that looks similar to a USB thumb drive that sends high-voltage power surges into the device it is connected to, which can damage hardware components. Its manufacturers claim the device has been designed to test components for protection from power surges and electrostatic discharge; however, there have been several instances of malicious use, and the device is not used for device testing by any major company. The device is often mentioned in articles warning readers against plugging in unknown USB drives.
Mechanism
The device collects power from the USB power source of the component it is connected to in its capacitors until it reaches a high voltage and then it discharges the high voltage onto the data pins. Versions 2 and 3 of the device may generate a voltage of 215 to 220 volts. This device has been compared to the Etherkiller, a family of cables that feed mains electricity into low-voltage sockets such as RJ45.
Models
There are different models of the device, the latest being USB Killer v3. Earlier generations, including USB Killer v2, were developed by a Russian computer researcher with the alias Dark Purple. Similar homemade devices have been constructed from USB air ionisers and camera flash parts, both of which already feature high-voltage circuitry. A more recent version uses the piezo inverter transformer from a CCFL driver with a simple two transistor resonant Royer oscillator, one shot timer and a spark gap as a lightweight way to generate an 1800V sharp pulse more closely simulating a low power electrostatic discharge for mitigation and circuit testing purposes. The prototype has a countdown timer and ascending bleep warning to reduce the chances of accidental or malicious use.
Potential defenses
One author believes that the new cryptographic authentication protocol for USB-C authentication announced by the USB Implementers Forum would help to protect against this device by preventing unauthorized USB connections from being made, although some manufacturers now claim that they can bypass this protocol. Some developers of the device believe that an optocoupler can protect against the device but from later testing even applying a short risetime high voltage pulse to the case can damage some sensitive systems.
Incidents
In April 2019, a 27-year-old Indian former student of the College of Saint Rose, Vishwanath Akuthota, pleaded guilty to destroying 59 computers in his college using a USB killer, resulting in over $50,000 in damages. He also destroyed seven computer monitors and computer-enhanced podiums. He was sentenced to 12 months in prison, followed by a year of supervised release for doing so, in August 2019. He was also ordered to pay $58,471 as restitution charge.