USB sticks seem like simple, safe, versatile devices for conveniently moving documents around. Their versatility is their biggest weakness, though, and in the wrong hands a humble USB stick can become a highly dangerous source of attack.
CBR looks at the times USBs became a computer killer.
1. Dark Purple
A Russian security researcher called Dark Purple has shown, in a video posted on YouTube, a USB stick that fries any device it is inserted into by sending 220 volts through it. The video shows that within seconds of the USB stick being inserted the computer goes dead and cannot be turned on again. The same happens to any USB-capable device the stick is used with.
2. Killer USB
Working on a similar principle to the above, Killer USB destroys any machine it is placed into, although it does not appear to be connected to Dark Purple. The team behind Killer USB is, though, based in Russia, and is trying to raise $10,000 for the project, with each USB costing $99. The idea is to make your data unreadable in case of attack.
3. BadUSB
One of the most famous USB hacks, unveiled at Black Hat in 2014. BadUSB reprogrammes USB controller chips, exploiting the versatility of USB to turn a device into something altogether more dangerous, for example a keyboard typing keys to trigger attacks. While the original researcher, Karsten Nohl, declined to publish the code, two others, Adam Caudill and Brandon Wilson, did, releasing the attack into the wild. Caudill and Wilson soon after released a partial, and complicated, fix.
4. Two way infection
Another trick Caudill and Wilson pulled off was a hack that could, in theory, have spread an epidemic of malware via USB devices. They invisibly injected malware into files as they were copied from a USB device to a computer. A second invisible USB function in the malware would mean infections would be spread to any device plugged into the USB port. The potential of this attack was so devastating that Caudill and Wilson did not release the code.
5. Win32/USB Stealer
Researchers wrote about this in 2014; it again has its origins in Russia. The attack allows breaches of air-gapped machines holding sensitive data via removable devices: the infected removable device is connected to both web-connected and air-gapped machines to collect interesting files.