Oh no, you're thinking, yet another cookie pop-up. Well, sorry, it's the law. We measure how many people read us, and ensure you see relevant ads, by storing cookies on your device. If you're cool with that, hit “Accept all Cookies”. For more info and to customise your settings, hit “Customise Settings”.

Review and manage your consent

Here's an overview of our use of cookies, similar technologies and how to manage them. You can also change your choices at any time, by hitting the “Your Consent Options” link on the site's footer.

Manage Cookie Preferences

Necessary. Always active Read more

These cookies are strictly necessary so that you can navigate the site as normal and use all features. Without these cookies we cannot provide you with the service that you expect.
Tailored Advertising. Read more

These cookies are used to make advertising messages more relevant to you. They perform functions like preventing the same ad from continuously reappearing, ensuring that ads are properly displayed for advertisers, and in some cases selecting advertisements that are based on your interests.
Analytics. Read more

These cookies collect information in aggregate form to help us understand how our websites are being used. They allow us to count visits and traffic sources so that we can measure and improve the performance of our sites. If people say no to these cookies, we do not know how many people have visited and we cannot monitor performance.

See also our Cookie policy and Privacy policy.

Customise Settings

Security

Shocker: Net anarchist builds sneaky 220v USB stick that fries laptops

Some folks just want to watch the world burn

Darren Pauli Wed 14 Oct 2015 // 20:25 UTC

Vid An internet mischief maker has built a USB stick that delivers dangerous 220-volt shocks to PCs, destroying them in the process.

The USB Killer is the second iteration of a laptop-wrecking device crafted by a Linux and infosec techie nicknamed Dark Purple. The first version of the PC-zapping hardware emerged in March, and pumped 110 volts of anarchic fun across motherboards.

"The device performs only one function: the destruction of computers," the Purple one wrote in a Russian-language blog post this month.

"But let's not limit it to computers. The device is able to incapacitate almost any equipment with a USB host interface. The main feature of the new version of the device is the doubled output voltage, which is 220 volts (strictly speaking, minus 220)."

The USB zapper looks like any conventional USB stick.

The Russian tinkerer says it uses a voltage converter that charges capacitors to 220V when plugged into a machine, drawing the power needed to do this from its victim. The stored energy is sent back through the USB interface, and the process is repeated until the computer drops dead.

It's a more sophisticated Etherkiller, but for USB.

The booby-trapped USB could fry smartphones that support USB OTG mode, plus TVs, routers, and other equipment, Purple says. If the circuitry is not designed to take a large amount of juice, it will fail. Typically, USB interfaces deal with five volts and up to 500mA for USB 2.0 and 900mA for USB 3.0 in current.

Youtube video demonstrating the USB killer stick

Security researchers have shown that employees will pick up mysterious USBs they find in parking lots and offices and plug them into their work computers. Doing so with one of these high-voltage charging sticks will send sparks flying across the office, perhaps literally. ®

Similar topics

Hardware

Narrower topics

Corrections Send us news

Other stories you might like

Twitter preps poison pill to preclude Elon Musk's purchase plan

Populist provocateur ponders partners to pay for platform prize

Thomas Claburn in San Francisco Sat 16 Apr 2022 // 01:14 UTC

Comment Twitter on Friday said its board of directors had unanimously approved a plan to prevent a hostile takeover, something that became a distinct possibility after billionaire Elon Musk offered $43 billion to buy the social media network.
The poison pill, or "Rights Plan," the biz said, "will reduce the likelihood that any entity, person or group gains control of Twitter through open market accumulation without paying all shareholders an appropriate control premium or without providing the Board sufficient time to make informed judgments and take actions that are in the best interests of shareholders."
The "Rights Plan" would require Musk to negotiate directly with the board to increase his share of the company beyond 15 percent. After that every existing shareholder, with the exception of Musk, would be able to buy Twitter stock at a discounted rate.

Continue reading
Feds offer $5m reward for info on North Korean cyber crooks

Meanwhile: Caltech grad earns five years in prison for heping Kim's coders

Jessica Lyons Hardcastle Fri 15 Apr 2022 // 23:24 UTC

The US government offered a reward up to $5 million for information that helps disrupt North Korea's cryptocurrency theft, cyber-espionage, and other illicit state-backed activities.
The cash will be awarded "for information that leads to the disruption of financial mechanisms of persons engaged in certain activities that support North Korea, including money laundering, exportation of luxury goods to North Korea, specified cyber-activity and actions that support WMD proliferation," according to the Feds.
This includes "information on those who seek to undermine cybersecurity, including financial institutions and cryptocurrency exchanges around the world, for the benefit of the Government of North Korea."

Continue reading
GitHub's Dependabot learns to report bad news you can use

Instead of just raising the alarm, automated code-scold will flag where the fire is

Thomas Claburn in San Francisco Fri 15 Apr 2022 // 20:17 UTC

GitHub's Dependabot is becoming more dependable thanks to its newfound ability to tell developers whether its security alerts are relevant or not.
GitHub acquired Dependabot, a tool for finding vulnerable open source package dependencies in software projects, in 2019. Since then, Dependabot has helped developers address more than three million vulnerabilities by presenting automated notifications when it finds unsafe software packages.
Flagging packages with vulnerable code is worthwhile but software developers would prefer a better signal-to-noise ratio. They want to know whether their application code is actually affected by the inclusion of a flawed library.

Continue reading

Star loses $500,000 NFT after crooks exploit Rarible market

This isn't the moving-fast-and-breaking-things future we wanted

Jeff Burt Fri 15 Apr 2022 // 19:50 UTC

Miscreants exploited a now-fixed design flaw in the Rarible NFT marketplace to steal a non-fungible token from Taiwanese singer and actor Jay Chou and sell it for about $500,000.
That's according to folks at Check Point, who on Thursday said the vulnerability could have been abused by crooks to gain full control of victims' marketplace accounts and the funds in them. Earlier this month, Chou said his NFT was stolen in what looked like a phishing attack.
When researchers Roman Zaikin, Dikla Barda and Oded Vanunu investigated the security shortcoming they found that fraudsters could lure users to click on a link to malicious NFT, enabling them to take control of their marks' Rarible accounts using a standard called EIP-721.

Continue reading
Intel’s neurochips could one day end up in PCs or a cloud service

The brain-like chip technology could aid with low-power AI tasks like speech recognition

Dylan Martin Fri 15 Apr 2022 // 16:30 UTC

You may have heard before about Intel's Loihi neuromorphic chips that mimic the way brains work, but what hasn't been clear yet is how the chipmaker will make money from the experimental silicon.
In a recent roundtable with journalists, Intel Labs lead Rich Uhlig offered two possibilities: integrating Loihi in a CPU for PCs to perform energy-efficient AI tasks and potentially offering the its neuromorphic chips as a cloud service, although Uhlig was clear he wasn't firming actual product plans, just projecting what could theoretically happen in the future.
"Right now with Loihi, we're at that point where we think we're onto something, but we don't actually have product plans yet. We're sort of earlier on in that work stream," he said last month.

Continue reading
Cybercriminals do their homework for latest banking scam

What could be safer than sending money to yourself through your own bank?

Brandon Vigliarolo Fri 15 Apr 2022 // 15:30 UTC

A new social engineering scam is making the rounds, and this one is particularly insidious: It tricks users into sending money to what they think is their own account to reverse a fraudulent charge.
The FBI's Internet Crime Complaint Center issued the warning, which it said involves cybercriminals who have definitely done their homework. "In addition to knowing the victim's financial institution, the actors often had further information such as the victim's past addresses, social security number, and the last four digits of their bank accounts," the IC3 said.
The con starts off as many that target individuals do nowadays: With a text message. In this case it's not a phishing attempt, it's an attempt to ascertain whether the person receiving the message is susceptible to further manipulation. Posing as the target's bank, the message asks whether a large charge ($5,000 in the example the FBI gives) was legitimate and asks for a reply of YES or NO. Replying no leads to a follow-up text: "Our fraud specialist will be contacting you shortly.

Continue reading

Google issues third emergency fix for Chrome this year

The latest patch is aimed at a type confusion vulnerability that is actively being exploited

Jeff Burt Fri 15 Apr 2022 // 12:49 UTC

Google is issuing fixes for two vulnerabilities in its Chrome web browser, including one flaw that is already being exploited in the wild.
The emergency updates the company issued this week impact the almost three billion users of its Chrome browser as well as those using other Chromium-based browsers, such as Microsoft Edge, Brave and Vivaldi.
It is the third such emergency update Google has had to issue for Chrome this year.

Continue reading
COVID-19 contact tracing apps were suggested as saviors. They sometimes delivered

Privacy fears didn't materialise, but bungling did

Tom Claburn, Laura Dobberstein, and Simon Sharwood Fri 15 Apr 2022 // 11:27 UTC

COVID Logfile IV As the SARS-CoV-2 virus and the COVID-19 disease it creates spread rapidly across the world in early 2020, governments that grasped the gravity of the situation wondered if technology could help them control the pandemic.
Some considered open-source intelligence gathered by the likes of Facebook and Google. Others wondered if records from ATMs or credit card payment terminals could be useful.
The intent was the same in both cases: governments felt that if they could learn where infected people had been, and who else may have encountered them, it would be possible to identify those at risk – and tell them they should isolate instead of continuing to mingle and maybe spreading the virus. Such data could also help contact-tracers, health professionals who were already adept at chasing diseases through society.

Continue reading
Review: Huawei's Matebook X Pro laptop is forgetful and forgettable

Blows hot and cold, and gets right up your nose

Simon Sharwood, APAC Editor Fri 15 Apr 2022 // 09:33 UTC

Desktop Tourism Rightly or wrongly, Huawei has acquired a reputation for being a risky proposition, security-wise. It almost beggars belief, then, that the Chinese goliath's flagship Matebook X Pro laptop contains a literal hidden webcam secreted under a fake function key on the top row of its keyboard.
Touch the key and it clicks lightly, then springs up to reveal the camera.
It's a terrible place for the camera because when the laptop is flat on a desk and close enough to type on, the view it affords would probably please an ear, nose, and throat surgeon conducting a remote examination. Needless to say, that angle is not going to show your best side during a Zoom or Teams session. And you can't change the angle without moving the entire laptop into odd positions or placing it too far away to type.

Continue reading
You can buy a company. You can buy a product. Common sense? Trickier

Taking the Metal Mickey as customer complains that none of the equipment works

Richard Speed Fri 15 Apr 2022 // 07:30 UTC

On Call An important lesson in conductivity lies in wait for the unwary or downright incompetent. Welcome to another tale from the On Call archives.
Today's story comes from a Register reader we shall call "Peter" (not his name) and concerns his experience at an electronics company at the turn of the century. The company had been acquired and, as is so often the case, the new owner was getting to grips with what the purchase meant.
"The company had tried to build our PCB test equipment," Peter told us, "but none of it worked."

Continue reading
North Korea's Lazarus cyber-gang caught 'spying' on chemical sector companies

Crypto-coin theft isn't enough to keep these miscreants busy

Jessica Lyons Hardcastle Fri 15 Apr 2022 // 02:30 UTC

North Korea's Lazarus cybercrime gang is now breaking into chemical sector companies' networks to spy on them, according to Symantec's threat intel team.
While the Korean crew's recent, and highly profitable, thefts of cryptocurrency have been in the headlines, the group still keeps its spying hand in. Fresh evidence has been found linking a recent espionage campaign against South Korean targets to file hashes, file names, and tools previously used by Lazarus, according to Symantec.
The security shop says the spy operation is likely a continuation of the state-sponsored snoops' Operation Dream Job, which started back in August 2020. This scheme involved using phony job offers to trick job seekers into clicking on links or opening malicious attachments, which then allowed the criminals to install spyware on the victims' computers.

Continue reading

ABOUT US

MORE CONTENT

SITUATION PUBLISHING

The Register - Independent news and views for the tech community. Part of Situation Publishing

SIGN UP TO OUR DAILY NEWSLETTER

Security Scorecard

Biting the hand that feeds IT © 1998–2022

Your Consent Options Cookies Privacy Ts&Cs