Security experts have been warning for years about the dangers of USB sticks as a conduit for malware, but a Russian researcher has bragged about coming up with a more direct method for borking a computer – with old-fashioned electricity.
The idea is cunningly simple but fiendish, and reminds us of the Etherkiller: the researcher, nicknamed Dark Purple, broke up a standard USB stick, and installed an inverting DC-DC converter and some capacitors bought from a Chinese website.
When the stick is plugged in, it charges the capacitors to -110V before shutting down, the Hackaday blog notes. Next, a transistor discharges the stored electricity through the USB port's data pins.
This continues until the capacitors are down to -7V, at which point the DC-DC converter is switched back on, and begins to charge the capacitor bank for the next cycle.
USB ports are typically well protected from electrical attacks, but the inverting DC-DC converter gets around these defenses – and eventually overloads them to damage the PC's sensitive inner electronics.
The researcher (wisely) didn't publish schematics for the invention, nor some crucial details on how to build one. But the device has the potential (no pun intended) to fry not only the USB port, but possibly other components on motherboards, and even the CPU itself.
"I'm not going to talk to you about the application area, but a former colleague says that it's like an atomic bomb: cool to have, but can not be applied," Dark Purple said.
As hacks go this is quite an unpleasant one, but it gives yet another reason to never, ever, use an untrusted USB gadget. ®