How to protect from the USB Kill Stick

[Whales]

@dom0: although motherboards are not impossibly priced, the economics stacks in favour of the USB killer.  The usb-killer is cheaper than a motherboard (and can potentially get re-used, if you can get it back).  In a worst case intentional-attack scenario it's cheaper to be the killer than the victim.

If we can reverse this situation then we are going in the right direction.  It's worthwhile considering total cost (not just the money for the new mobo): investigation, time, hassle, emotional, etc.

[chriswebb]

But why?

So yeah, you destroyed this whatever device that has a USB port, what now? what's the point? do you get money from that? why would anybody need it at all?
Usually people steal for money, kill for revenge\money\whatever.
but destroying a device for no reason? 

This may not be a great question to ask considering the ramifications, but I am wondering hypothetically if this device would be useful to people trying to get items replaced before a warranty expires.  Would the damage point to sabotage or would it look like the pc board had a fault?

edit: and no I am not asking for "a friend" or anything like that, I am just curious.

[electr_peter]

USB Kill Stick is a dubious device with vandal purpose. It is similar in intent to poisoning drinking water supply with real poison or some nasty chemicals/medicine. Or putting nails and sharp glass pieces on the road to damage tires (for the fun of it). In other words, it is a pure vandalism at it's best worst.

Vandals of such sort is a reason why we can't have many more good things in public. Defence measures against such vandal techniques are very limited, if any, and not economical. Best defence is offence in this case. If you see such a person in action, you better make sure he/she understands what he/she should get in return for such actions.

[setq]

I'm a proponent using a mechanical solution i.e. filling up all the holes in a computer with hot snot, then locking it in a metal box bolted to the desk, then introducing a policy of "if you plug anything in I will personally insert a traffic cone into your bottom wide end first".

A random USB stick full of nasty is far more dangerous than a popped USB controller or main board from some clown with a USB stick with a transient voltage generator in it.

[janoc]

This may not be a great question to ask considering the ramifications, but I am wondering hypothetically if this device would be useful to people trying to get items replaced before a warranty expires.  Would the damage point to sabotage or would it look like the pc board had a fault?

edit: and no I am not asking for "a friend" or anything like that, I am just curious.

I doubt that this would get covered by warranty when you have charred components/traces or parts blown off the board. It would be obvious to any tech that the board has suffered some sort of power surge and such events are generally not covered.

[LaserSteve]

I'm a techie  at a major university.  One of these can wreck havoc across a campus, and cost us beaucoup taxpayer Dollars from the emergency fund.  Which is why I only allow fresh, vetted,  USB sticks which are low level formatted on a non-Windows device at each use. When your 100,000$ machine goes down from a virus or worse, its no fun to tell a Prof he/she  just has to set and wait leaking grant money till I can get something fixed. IF I can find budget to fix things.

Keep in mind a day of FSE time in the academic world can approach /exceed 1500$ plus Parts, Travel, Per Diem, Hotel, and Expenses. No FSE I know keeps a instrument motherboard in his toolkit, either, so that can become  a two  day or more business day  wait  for FedEx, plus however long it takes to flash/program/.configure the board.


I have already dealt with what I believe to be a student's stick that had firmware infused with a bug.... We get constant warnings about memory devices out there with really nasty stuff in hardware/firmware.


Things like this fake stick keep me up at night, sometimes. If someone went from PC to PC in our one undergraduate lab, that would be 24 machines damaged/down/dead. We don't have budget for that kind of contingency. 

Its not a novelty, it could be an economic weapon in the hands of a misfit.  Around here, it's use would result in criminal charges and civil penalties.
I hope customs could keep them out by considering them a  "criminal tool".

Thus for critical stuff, I supply the sticks or another means of moving data. Which is pretty limited when it is a standard practice around here to keep lab machines off the net to prevent  "Updates" from becoming a bug, not a feature. Push data off, never allow anything to be pulled on.


Steve

[TheBay]

I'm a techie  at a major university.  One of these can wreck havoc across a campus, and cost us beaucoup taxpayer Dollars from the emergency fund.  Which is why I only allow fresh, vetted,  USB sticks which are low level formatted on a non-Windows device at each use. When your 100,000$ machine goes down from a virus or worse, its no fun to tell a Prof he/she  just has to set and wait leaking grant money till I can get something fixed. IF I can find budget to fix things.

Keep in mind a day of FSE time in the academic world can approach /exceed 1500$ plus Parts, Travel, Per Diem, Hotel, and Expenses. No FSE I know keeps a instrument motherboard in his toolkit, either, so that can become  a two  day or more business day  wait  for FedEx, plus however long it takes to flash/program/.configure the board.


I have already dealt with what I believe to be a student's stick that had firmware infused with a bug.... We get constant warnings about memory devices out there with really nasty stuff in hardware/firmware.


Things like this fake stick keep me up at night, sometimes. If someone went from PC to PC in our one undergraduate lab, that would be 24 machines damaged/down/dead. We don't have budget for that kind of contingency. 

Its not a novelty, it could be an economic weapon in the hands of a misfit.  Around here, it's use would result in criminal charges and civil penalties.
I hope customs could keep them out by considering them a  "criminal tool".

Thus for critical stuff, I supply the sticks or another means of moving data. Which is pretty limited when it is a standard practice around here to keep lab machines off the net to prevent  "Updates" from becoming a bug, not a feature. Push data off, never allow anything to be pulled on.


Steve

I wonder if there is anywhere this device can be reported to the powers that be as a "Weapon/Criminal Tool" this device should not exist.
It serves no purpose other than malicious damage or vandalism.

[Fungus]

I'm a techie  at a major university.  One of these can wreck havoc across a campus, and cost us beaucoup taxpayer Dollars from the emergency fund.

You'd think an educational institute could, um, educate their students about them.

Let the students know these things exist.

[RGB255_0_0]

I'm a techie  at a major university.  One of these can wreck havoc across a campus, and cost us beaucoup taxpayer Dollars from the emergency fund.

Let the students know these things exist.

Tempting fate then.

[tszaboo]

I'm a techie  at a major university.  One of these can wreck havoc across a campus, and cost us beaucoup taxpayer Dollars from the emergency fund.

You'd think an educational institute could, um, educate their students about them.

Let the students know these things exist.

It is a problem in the USA, so I suggest either of the following solutions:
- Armed police protecting the USB ports
- More guns
- Drones
- JJ Abrams directing: Star Wars episode XVII. The USB Killer strikes back (which is also a reboot)

[senso]

I'm a techie  at a major university.  One of these can wreck havoc across a campus, and cost us beaucoup taxpayer Dollars from the emergency fund.

You'd think an educational institute could, um, educate their students about them.

Let the students know these things exist.

Students aka kids would love to "prank" their friends with that.
At least the user base of Mac users would drop like a rock if those things get commom place in the USA.

Given that in my time, spending time with wireshark and firesheep was considered fun times during class times, doing ARP poisoning, or just going personally to some un-attended switch with a laptop and a ethernet cable were also good options of a "good time", frying laptops with a usb pen would be pretty high in the priorities of some people..

[zapta]

How do you protect a USB port so that the device you are designing is immune from this kind of power surge problems?

Why stop at protecting? You should design a circuit that will fight back and kill the USB killer.

;-)

[trophosphere]

What if you isolated the data lines using SPDT/DPDT relays? Have the normally closed end go to a voltage comparator (with input protection of course) with a programmable delay and if the voltage is within limits for a set amount of time then energize the relay so that the device and host's data lines are now connected. It shouldn't mess with the normal USB communication as the device will not be "detected" until the data lines are connected.

It seems straight-forward and one could build a prototype in a couple of minutes assuming they have the components on hand.

[trophosphere]

Semiconductor relays can not offer then Ron/Cds/Vds balance needed for 200V USB3.0 port protection, while mechanical relays? For 5Gbps link? Oops.

I'm talking about using mechanical relays for USB2.0 as signal integrity should be acceptable. I don't understand the second part of your statement.

[T3sl4co1l]

Nothing wrong with RF relays, just the commutation time is ~ms.  The surge is long over and passed by then, so you still need something to handle it.

A GDT would be the next best bet, triggering in < 1us maybe, and clamping to a modest (tens of?) voltage.  The remaining voltage (and transient) can be taken up by some resistance and conventional ESD protection, probably still achieving a reasonable High Speed eye.

Tim

[trophosphere]

USB3.0 uses 5Gbps. Mechanical relays won't at such frequencies.
Even for a USB2.0 signal, eye diagram would be horribly nasty after passing a mechanical relay. There is a reason why it needs to be kept differential all the time.
It may still work, but link loss budget will be considerably smaller, so the system would be more susceptible to interference or long cable.

Ah, thanks for the clarification. We all know there will be signal degradation in virtually all protection schemes which employ things in the signal path. It's all a matter of how much SNR one is able to tolerate which I don't know much of since I don't deal with anything more than tens of MHz. Other idea could just be a sacrificial buffer/isolation chip (housed in its own dongle) that goes between the device and host like the ADUM4160 from Analog Devices for USB2.0.

[NiHaoMike]

http://usbip.sourceforge.net/
Just needs some cheap device to run on. Distance it enough and with a wireless link, even a direct lightning strike would be stopped.

[DmitryL]

USB killer updated! Now in Type-C! Hurry, limited stock!

https://habrahabr.ru/post/310442/

[anfang]

USB killer updated! Now in Type-C! Hurry, limited stock!

https://habrahabr.ru/post/310442/

Wow, a 2016 Macbook with USB-C sort of survived!

[RGB255_0_0]

Was only 100V.