Someone joked that this would be useful to ensure people won't randomly plug USB drives into their computers. Sounds insane, except that...
"During a stop-over in Hong Kong, he finds a spare USB key in his hotel room. Curious, he inserts it into his laptop. By the time he arrives in Australia, his computer is infected."[1]
This was one of the infection vectors for a large flare-up between the Chinese government and a number of Australian-based mining companies, all well before the Snowden leaks that have only made the world more complex.
Given the choice between frying an employee's USB / computer (small monetary loss) and allowing trade secrets to fall into the hands of competitors / customers (large monetary loss), it's not crazy to opt for the former.
Standard practice has even gone further. A colleague of mine purchases fresh laptops for when he goes overseas and then never uses them again. He doesn't even work in an industry where commercial secrets are common. I'd hope that anywhere that features security implications or commercial secrets would also act at this level.
Perhaps an innocuous version of this, which starts a high pitch whistle, would be useful in a corporate environment. Less destructive but resulting in the same security awareness.
A standard procedure in somewhat-security-concerned firms is that when you travel, you go and get a freshly installed travel laptop (a loaner) from IT dept, use it on the trip, and after the trip, you return it to the department that wipes out everything on the disk and re-images it.
This wouldn't protect against things like firmware-based malware, attacks that major three-letter spy agencies could deploy when they focus on a target, but because there is no absolute security and measures need to be balanced to the threat scenario, this is a model that works pretty well.
>A colleague of mine purchases fresh laptops for when he goes overseas and then never uses them again. He doesn't even work in an industry where commercial secrets are common. I'd hope that anywhere that features security implications or commercial secrets would also act at this level.
IMO that's an overkill. Why not just use ICloak [1] or Tails [2]? They are both Linux distributions which boot from USB stick without touching hard drive, randomize MAC address and give you access to Tor and other goodies.
I think the bigger concern (which has been backed up by recent research) is that there are vulnerabilities in the hardware that might be exploited to install malicious software. If that software lives in a BIOS or a hard disk firmware, wiping your hard disk will not protect you.
That model may not always work well. At least one country I know of interviews you at your point of departure as to whether your IT department has recently had your laptop in their possession.
Sure they may interview, but how does that make the model not work? The answer is going to be the same every time: of course my laptop is regularly in the possession of the IT support organisation.
I seriously doubt that you could manage to start a fire from the device in question.
First the total power of the USB port is ~2.5W on average and given the constraints of the device in terms of size (~ a normal USB thumb drive) you cannot realistically store this more than a second or so (e.g. 100V in 1000µF is only 10 Ws).
With 2.5W you can make things hot to touch, but for igniting anything flammable, you'd have to design some thermally decoupled element to dissipate the power, and get glowing hot (e.g. a small coil of resistance wire in a car's cigarette lighter). Unfortunately devices on a PCB are normally very well thermally coupled to said PCB, so the energy spreads fast limiting the temperature of the individual components. Also things on a PCB tend to break at much lower temperatures than what you'd need to ignite anything. Also they will already desolder themselves at ~200 degC.
When I read some of that stuff back in 2010 I was curious why some of the targets didn't try to understand how they were compromised and then publish the details. Especially attacks with such an, errr, tangible vector of infection.
Clearly some attacks are quite stealthy and difficult to characterize, but some are not, and in the 2010-era reporting about Chinese computer espionage against travelers to China many targets seemed to believe that they had confirmed the compromises.
So people could have taken a computer with some extra sensors or logging processes, a different OS than usual, and then publish the results, helping defend similarly situated others, including their own coworkers. If they believe the attacks are pervasive today, they could do this today.
Whilst an option, I feel it's a bad one if security is actually a priority.
Having worked at companies who actually have a high level concern over computer security, telling someone simply isn't enough. Being told is passive. Passive defence and active defence are two entirely different states of mind. Defending against an attack needs to be active and instinctual. Every time you open, close, or set down your laptop, a small part of your brain should be thinking about it. In computer security, a single failure is enough to lose control, so it's useful to have an environment that reflects that.
A simple example is being told to keep your terminal locked. This is a common rule for most workplaces but is usually met with dismal failure. One of the companies I worked at actually made a game out of leaving your terminal unlocked. I can tell you, after a few days of your colleagues kindly laughing at you returning to a screen full of Internet memes, you instinctively Ctrl + L upon standing up, even if it's to walk to the windows to look at the view.
Why is it important I lock the screen even if standing a metre away? My friend walks by whilst I'm staring at the view and invites me to [coffee|walk|game|X]. Security has already left your mind and you head off to do [X], leaving your terminal unlocked. Even worse, your screen might auto-lock in a few minutes, giving you a false sense of security when you return. Even if it was unlocked when you returned, you'd likely get back to work, not realizing your error.
Making security a game is a good way of instilling the practice. Colleagues make for cunning adversaries and make you actively defend yourself. This defence is useful against both pretend threats and real ones. Wargames are wargames for a reason.
> One of the companies I worked at actually made a game out of leaving your terminal unlocked. I can tell you, after a few days of your colleagues kindly laughing at you returning to a screen full of Internet memes, you instinctively Ctrl + L upon standing up, even if it's to walk to the windows to look at the view.
This was unofficial but standard practice at a support center I once worked at. It was a terrible work environment for other reasons, but individual computer security was great because the new guys very rapidly learned that leaving a computer unlocked left you a prime target for background changes, YTMND pages hidden behind other windows, the Dell ctrl+alt+up thing, etc.
A guy in my previous work came to me for help, we did some remote desktop to his machine from mine, only to find a big dick drawn in ms paint by someone... kind of funny, but the guy was a bit shocked and felt embarrassed. Not knowing what to do, I simply ignored it as if nothing had happened.
If they can install they will and it will continue until someone starts firing people over it.
If they cannot install, prepare to get scolded when they cannot install fileshare clients, flash games, "codecs" - you name it: they'll install it if there is even the slightest chance it will let them watch something they wouldn't be able to watch without.
I sometimes have an image inside my head what it would be like if chefs would be like office workers in this regard: sharing their knives with friends and family, drag their knives into the garden, use them to poke in the sink, stir the paint etc.
Best comment from the page: "It needs to have an eInk display to say 128, 129"
Such yes.
...
I was walking past a tall wooden fence the other day, you know the kind you see outside a building site. As I walked along beside it I heard chanting coming from behind the fence further up... they were chanting numbers, or rather just one number.
"Thirteen, thirteen, thirteen, thirteen, ..." they excitedly chanted. It sounded like a small crowd, young and old; men, women and children. All of them saying the same number over and over.
As I approached I saw a small hole in the fence just big enough to look through. The hole was right where the sound appeared to be originating from.
So, with the crowd continuing to chant "... thirteen, thirteen, thirteen, thirteen" and it seeming to become more intense as I leaned down to place my eye at the hole and work out WTF was happening in there.
Just as I put my eye to the hole a small finger like that of a child poked me in the eye and the crowd cheered loudly and started chanting again...
"Fourteen, fourteen, fourteen..."
It would be cool to create a version of this that just sounded a really, really loud siren. Then you could leave it lying around the office, and listen out for the bunnies.
Yours is the 2015 version of the 1980s-era DOS app that displayed a fake word processor UI with the top portion of a fake but intriguing letter visible. You would leave this app running and then leave for lunch. An office snoop would see the fake letter and want to read more, then press a key to scroll down, which would activate a siren sound on the PC speaker and display some silly "you're busted" message on the screen.
On that note, using it as a pentesting device could be interesting. Perhaps just use the "beep" so the auditor can see how many people trust putting anything into their PC, then at the end cite USB killer.
Possible at a pinch, the flyback I was using right there was about the size of a walnut. You could lay most of it out flat with the voltage multiplier and encase the whole thing in epoxy for (ha) safety.
I really wanted to go much higher with the voltages, but the amount of noise this thing puts out de-focuses the camera.
You could fit one into a portable hard drive case, though. Presumably along with an electric motor to make the appropriate noises when whoever you really don't like tries to plug it into their laptop.
Reminds me of a story I heard many years ago. UK power plugs have three prongs to include earth. If you rewire earth, live and neutral AND alter the plug wall socket to match, then all is well, but if someone steals your PC then plugs it in using a standard wall socket then ouch.
When my grandparents died and we sold their house (in the uk) we had some builders in to tidy up some stuff and they discovered that in a big part of the house the earth was actually wired to live in the sockets. They'd lived with it for 40 years or something. Guess not many devices actually use the earth.
(The wiring was originally done by my grandad's brother - use a professional, people...)
This tester can simulate a 10A or 15A load and measure voltage drop, which should remain within 5% of its unloaded value (this is the recommendation in U.S. code). This can identify situations where connections are weak, or wires are too long or too thin.
It has also helped me to improve my wiring practices. It turns out that keeping voltage within 5%, under a 15A load on a 20A circuit, is pretty demanding, and a series of (say) 8 or 10 twisted connections may not meet it, if you are not careful with your technique.
The device can also test GFCI outlets by allowing some current to leak to ground. This provides an end-to-end test in situations where the GFCI is not present at the outlet.
I lived in a place where someone managed to swap wires at one of the switchboards. There was no ground (not that uncommon), so the supposed 0 was wired to the ground at the sockets (that's what you should do). What it means with German/French-combo style socket is that phase (+/-230V AC) was wired to metal parts sticking out of a socket or any grounded appliance plugged in.
Everything plugged into affected sockets seemed to work just fine. Even a desktop computer + monitor. We only found out because roommate was getting electric shocks from the metal PC casing.
I used to work in a school where students reported electric shocks from the laptop computers. The "electrician" came and unbelievably, wrapped a wire round the earth pin of a plug, and bolted the other end to a desk. Apparently it solved the electric shock problem which I guess was static.
The original story actually relates to a computer running a BBS back in the 90's. The plugs were duck taped to sockets and signs more or less read "do not unplug... ever".
When the place was raided by the police and the computer confiscated, the fun and games began.
They're ugly as hell, and insanely painful if you tread on them, but UK plugs are a bastion of good engineering.
Things like not being able to stick things into the line/neutral holes unless the ground pin (which is longer) is inserted make them very safe, and the plastic lower part of the line/neutral pins to stop you accidentally touching something that will have current running through it until the plug is safely inserted is inspired.
I know Britons love their plugs, and I have never quite understood why. They look brutish, clunky and over-engineered. The opposite of elegant.
The reason why they have fuses is so you can use ring circuits, which saves copper compared to the usual radial wiring. So it's just about saving a little money.
Everyone now gets to state his favourite plug type. Bring it on!
Mine is the Swiss Type J (http://www.worldstandards.eu/electricity/plugs-and-sockets/j...). It's safe, not an eyesore and very space efficient. It's safe against voltage reversal, usually has a protective shroud and the ground pin is contacting first. Well engineered, very Swiss-like.
Does anyone actually care that their plugs are elegant? In any case, your Type J is missing the fact that in the UK, the cables point down towards the floor rather than sticking out, keeping them flush with the wall and often allowing you to hide the plugs behind things.
> Does anyone actually care that their plugs are elegant?
Some people do, I think it's an expression of culture. It's hard not to notice that the Swiss and the Nordic countries (especially Sweden and Norway) value a certain aesthetics. This expresses itself in many things, ranging from architecture to product design, art and the design of public spaces.
There is a reason Swiss typography was big, and why Nordic design is appreciated all over the world. It could only emerge from these cultural surroundings, it's a mindset.
That plug is an expression of British engineering values. It's certainly a very well designed plug, but I also believe the reason why Swiss and Nordic products are more popular than British ones is that they are made with a different approach.
Probably those same values are also the reason why British music is so great, and why Swiss music is... oh well, have you ever listened to mundart-rock? So I'm not saying X is better than Y, there are trade-offs involved.
Reminds me of a favorite recording of Dizzy Gillespie playing with his band at Montreux. It's a pretty reserved audience, and Dizzy, who was renowned for having a lively interchange with his audiences, said while introducing vibe player Milt Jackson:
"So far, you are a typical Swiss audience. Of course, a Swiss audience might not be the greatest audience in the world. But they will do until the real thing comes along."
The last was said mirthfully, pausing to emphasize each word, and the audience chuckles good-naturedly, knowing their limitations.
Swiss person here. The total length of the "plug" part of a Swiss plug is actually roundabout the same as the width of a British plug. They fit just fine behind couches, shelves, etc.
Of course. Did you miss the article yesterday about Macbook going with USB-C? Apple has made bank on just getting people to buy better plugs and cables (USB, Magsafe, Lightning connector, etc.). People also spend tons of money to hide cables when mounting TV screens.
Part of the niceness of the UK plug is that if you pull the cable right out of the housing, the internals disconnect in the safest order. The plug comparison sites I've found don't discuss the internals of the plugs much; does anyone know how other plug types approach this (or do they just ignore it)?
Looking at plugs, I suspect that many get round this by making the housing of the plug much more firmly attached to the cable.
They don't ignore it; Schuko (CEE 7/3) plugs also keep earth connected while live and neutral pins are pulled out. Same is true for the French (CEE 7/5) and Danish (107-2-D1) designs.
OP is talking about the failure mode when you pull the cable out of the plug - the live and neutral cables are shorter and tighter and will fail first, leaving the earth wire to fail last.
I didn't quite understand the whole concept. The idea in Schuko plugs is that you cannot pull the cable out of the plug. It's totally fixed (either inside solid plastic, or attached with a strain relief that fixes it).
edit: now that I think of it, Schuko plugs of the install-yourself kind where you can attach cable with a screwdriver (not solid plastic with the cable) are done so that the earth cable is longer than L/N are inside the casing.
Most combination Schuko/French plugs I've seen recently are even designed in such way that when all wires are same length then the PE one has larger slack inside the plug.
I think they're elegant. The cable points downwards rather than just outwards like most others (US/EU). They have a nice finished edge that's easy to grip rather than a moulded piece of angled plastic.
Norwegian plugs must be the UK plug's arch enemy, not grounded until the very last, 2 pins (the ground is on either side of the casing) and the sockets are at 0, 45 or 90 degrees (leading directly to exclamations of "Fuuck!" from this Brit).
What fuse/circuit breaker do you put in the fuse panel with radial wiring? It's got to cope with the largest appliance you'll put on that circuit. With British plugs, a low-current device such as a lamp should have a 3 amp fuse, so it blows before the thinner 5A-rated wiring to the lamp melts.
The problem with British plugs though is the rectangular pins. Mechanically, it's simpler to get a good large contact surface area with a circular pin in a circular socket. You do sometimes come across UK sockets which have been slightly damaged and get hot because the contact resistance is no longer negligible.
You're right. We should change an established, proven design to make it prettier. I don't understand why it's taken so long for someone to speak out. Stop the presses!
Very safe theoretically, but in practice (with Malaysian UK-type plugs, full disclosure) I've seen people casually shove pens and even metal spoons in the ground to force the socket to accept their ungrounded laptop plug.
I have done that, when I was young and stupid and didn't have a UK compatible plug. I have also witnessed many people doing it.
You can also trick it by doing a sort of dance with the plug where you partially force in the ground, then one live, then you spin it and put the other one in.
The day we have USB wall sockets can't come soon enough.
I would have to tell my phone not to believe everything some house computer (on Earth or Bespin) tells it. At least with USB, my phone is less likely to mistake the power plug for the data plug, because it's all the same.
> Things like not being able to stick things into the line/neutral holes unless the ground pin (which is longer) is inserted make them very safe, and the plastic lower part of the line/neutral pins to stop you accidentally touching something that will have current running through it until the plug is safely inserted is inspired.
Same in Australia, of course you can still go off and buy an Apple laptop charger with no ground.
I don't know why you singled out the MacBook charger.
The relevant Australian Standard (AS/NZ 3820, I think?) tells you an electrical appliance doesn't need to have an earth pin if it's double insulated, which the MacBook charger, and the stick blender in my kitchen, amongst others, are.
Source: I'm certified for Electrical Test & Tag in Australia.
We used to use Schuko plugs here in Ireland, but switched to type G plugs for convenience and trade reasons back in the '60s. I think my grandparents' house still had some Schuko sockets about the place.
Personally, I'm not too bothered either way. I don't find either any more or less annoying as they're both pretty bulky, unless you're using Europlugs, which lack most of the benefits of Schuko plugs.
Still nothing compares in its awfulness to North American plugs. Aussie plugs are similar, but they had the good sense to tilt the prongs at an angle to give the plug better mechanical stability.
I consider Schuko plugs to fall somewhere between the British and the Swiss plug. It certainly is a little too big for what it does, and also hard to unplug. That 16A rating is nice, though.
Schuko plugs are a pain in the ass, because more often than not they require brute force to unplug them (or even just plug them in). Also doesn't help the lifespan of powerstrips.
Being able to plug them in ungrounded Euro sockets is handy, but also makes them less safe.
This is because Post-WW2 UK houses were wired as one giant ring circuit, while in the rest of the world there generally was a fuseboard with every fused circuit connected to a few sockets. This saves wire (copper) but requires every plug to have a fuse.
I do not know if modern UK homes are still wired like this.
In modern times the individual fuse still makes it safer, but it is also one of the reasons UK plugs are so large and clunky.
They definitely shouldn't be.... IANA electrician, but as far as I am aware UK regulations require separate power and lighting circuits and a proper distribution board with RCBs.
And while our plugs may be clunky, I kind of prefer them to the wobbly, spark emitting two-pin plugs that I seem to come across in the US...
I once encountered a computer that was the opposite of this; plug any USB device into it, and the device would never work again, even in another computer.
We had that recently with FTDI releasing a driver update that would instantly brick any device using a counterfeit chip. Which means a lot of devices got bricked, as the manufacturers like to save money...
At work, I encountered a HD which fried SATA ports. If you plugged that HD in a SATA port of another computer, that SATA port didn't work anymore. I don't know if the HD had been damaged by the computer it was originally from, but we didn't use both that HD and that computer anymore.
There have been other stories of "contagious" hardware damage in the past, like the infamous ZIP drive "click of death", but that HD is the first one I've seen personally.
Just had that with a SATA SSD - looks like it had a power bus short and it blew a chip (dual FETs) on the caddy backplane. Lots of smoke.
Usual story: replacement part is about £0.50 and I could replace it in the lab, but postage for one part is £4.
Might see if I can get one as a sample, or from the Far East with 'free shipping'.
Many moons ago, I worked in the education sector and some smart kid ran a paper stapler up a keyboard lead, leaving it full of metal staples. The power short blew an axial fuse on the motherboard. The next user encountered a 'dead keyboard', so they swapped it for the one on the next desk... repeat 6 times before someone realised the fault was travelling with the keyboard...
Use a sharpie to draw a skull and crossbones on one side; on the other, write DANGER.
When they ask you to hand over all personal electronics, point to it and say "that's dangerous".
If, subsequently, they want to know why you were carrying it ... it was so you could fry the USB port of your own laptop if you thought someone had snuck some hardware-level malware into it.
If you tell them NOT TO DO IT and they go ahead and do it, I find it hard to see how a court could convict you of wilfully damaging their forensic equipment.
(To the extent there's any social engineering involved, it simply relies on the tendency of police to ignore or discount unsolicited information from members of the public who are under suspicion.)
Note that they won't be sticking the device in a laptop or desktop PC; specialist forensic imaging machines are used by law enforcement to duplicate data storage devices and maintain a legal chain of evidence. Oops.
I think it's the best idea ever. I mean, seriously, with all those USB-based attack vectors does anyone think plugging your computer to a random USB port sticking out of a wall is a good idea?
It's kind of a snide thing to do, though; every physical interchange medium, or object you might put in proximity to your computer, has physical attack vectors. Optical disks can be weakened so as to become shrapnel inside a disk drive. Magnetic tapes can be replaced with sandpaper and scratch the reader to death. Any cassette media (e.g. floppy disks) can simply be filled with glue—or, better yet, contain a small explosive.
So, there's nothing about USB that makes people especially deserving of punishment if they go using strange ones; there's a base level of societal trust required for the abstraction of a "side-effect-free data storage object" to exist in the first place.
To say otherwise is similar to purposefully driving the wrong way down the road and getting into a 28-car pile-up, and then saying that this is a lesson in how cars are inherently dangerous and people should avoid driving near strangers. The security mindset can only make you so safe; at some point, you have to trust that strangers aren't trying to kill you in order to be able to live your life.
(Though, in this case, you could just avoid all physical peripherals and ask the person to email you the file instead. At least all you can get from that is a virus.)
It's not like that. USB drives are a popular vector for transferring malware both ways. Which means a perfectly good dead drop can become infected when someone who didn't know he had malware plugs his computer in. USB dead drops are not like cars - they're like a bottle of juice chained to a wall, that anyone can drink from and refill it with whatever they want. You don't have to assume malice to expect such a bottle to be a health risk - not everyone who deposits a disease knows he is ill.
Of course I'm joking with my approval for installing boobytrapped dead drops - but the point is, connecting to a random thumbdrive sticking out of a wall sounds like the dumbest computer-related idea ever.
There are straight up isolators, like ADUM4160. For USB2, they're limited to 12mbit/sec though, because USB2 has a single bidirectional (terrible) data line.
I've often wondered what percentage of those dirt-cheap USB devices sold on eBay are actually trojan horses. Provide a basic functional USB hub at a cut-rate price, but exploit the access to your customer's PC for nefarious purposes. Seems like an easy crime to perpetrate.
This is just one of many reasons why you should not ever stick unknown things in your healthy ports (or your healthy things in unknown ports). Not without protection. Safety first. But I'm a firm believer that people should be able to consent to this kind of behavior if they really wish to.
I've often wondered if there was some condom-like* attachment available that acted as a go-between for the USB port and a connected device that would prevent/mitigate some of the issues with sticking unknown devices into ports.
* There is a device called a 'USB Condom' but it's only for charging purposes, and completely restricts data access.
In principle, nothing outside pure mathematics is certain. In practice, a USB stick you ordered from Amazon and just took out of its packaging is far less likely to carry a virus than one you just found lying around.
One could give these out to activists around the world, they seem to be always at risk of getting their electronic devices confiscated by law enforcement.
Last year, I found a usb key on the ground, almost busted, still I'm too curious to know what's in it so I bring it home. Plug it in, then I learn a little more about the USB protocol as the kernel notifies me there's an "Over-current condition on port 3", just before a tiny bit of smoke emerges from the key.
Why? Sounds like a way to increase security awareness. Although, I suppose a huge blaring alarm might do just as well. Leave them around your office/parking lot and see who uses them. Then have a chat. Better they plug in a bad device you control vs one carrying a truly malicious payload. (Probably a good idea to attempt to phish employees, too.)
"Oh, look, someone lost a usb stick. Perhaps I can return it to them if I can identify something on it. Oh, it's just done over a thousand dollars damage to me, plus destroyed everything I have done on this computer". I've not found a lost USB stick, but I have found lost wallets and returned them. Thank god they weren't trapped because some dickhead thought it was a good way to 'teach the public in general a lesson'.
Besides, pretty much anything can be characterised as "a way" to increase security awareness, up to and including murder of the victim. The victim's friends and family will be a lot more wary of whatever did the murder - the goal of 'security awareness' has been increased. But "a way" is not the same as "a good way".
"I'm not a lawyer" etc., but I'm pretty sure that, in many if not most nations with a broadly Western judicial system, the deliberate planting of this device with the intention of causing harm will be illegal. It doesn't matter if the poor fool plugs it in: you knew what would happen. Furthermore it's arguably true that you intended it to happen. Therefore, you're a dick and you're at fault.
I dunno, making an innocent-looking object do something dangerous is "not cool" for non-technical items as well.
Say you replace the contents of one of those bright-coloured sticky sweet liquors with a similarly-coloured cleaning fluid? Then leave it in your liquor cabinet, "to teach people to not touch your stuff". I'm not even sure that's legal.
I once heard a story of someone storing their concentrated GHB (a drug, clear liquid), in a vodka bottle. If someone had accidentally poured themselves a shot of that, the consequences would have been pretty bad.
On a similar note, I'm not sure about the US, but in the Netherlands, it's actually illegal to booby-trap your own home. If an intruder gets hurt, you're liable. I don't think this law exists to protect burglars, but instead it is to protect well-intentioned unlucky people from "accidents" caused by terrible and idiotic "security" measures.
Makes me think about the car-alarm in Snow Crash, which delivered a fatal several thousand volts to whoever tried to open it without a key (or maybe it was a flame-thrower, I forgot).
This is called the Castle doctrine, and in the US it varies on a state-by-state basis. I'm not sure if it would cover "booby-traps" or not, since technically you are protecting yourself from an intruder.
Using a usb rubber ducky to take over their computer and write an email to yourself, saying something to the effect that "I was stupid and plugged a random usb key into my work machine" would be much better.
Well it depends. If you use it for malicious purposes, then yes it is not cool. But if you use it for science, then it's a bit different. I have a spare laptop that is garbage and would love to see what would happen.
I would like a version that has a small GPS receiver and can send SMS with location information when plugged in. It should work otherwise just like normal USB. (could be the size of USB HDD for example).
I understand the concept of the article, a USB device that will fry your laptop by charging and applying high voltage.
But I don't understand the excerpt about the guy writing number 129 on a USB stick and stuff. Why would he plug it in his laptop if he knew it would burn it? And if it was intentional, aren't there easier ways to burn it? Thanks for explaining...
Highly unlikely that 129 people in a row respond like that though...
More likely is that someone destroys the USB device in anger, dismantles it, is too shocked to do anything, doesn't interpret the number as a counter, or doesn't want to ruin other people's computers. And, of course, that many people in a row stealing a USB device from a backpack is already unlikely in itself.
Yeah it would have been clearer if he didn't use a power of 2 for his counter's current state. Made me think it had to do with the device's storage capacity.
I'm assuming the original story was actually told as a joke, where the "128" number was intentionally misleading until the punchline at the end where he incremented the number and "paid it forward".
This immediately reminded me of the slightly infamous and almost certainly apocryphal "box" of the phreaking era for supposedly overloading and destroying your adversary's phone, or even taking down the local POTS switch. It was called a urine box most commonly, or sometimes a copper box or assassin box if I recall correctly.
This [1] seems to indicate the urine box and the assassin box were actually different, even though they seemed to achieve similar results. I'd be curious to find circuit diagrams.
what about making it a normal usb drive as well. let me explain:
when one inserts the drive, one gets asked for a password.
if you type the wrong password, the usb drive shows you some fake content, and in the background “burns down” everything it can.
if you are the owner and type the right password, you can use the usb drive normally
If one wanted something dangerous to humans, one could just pack a USB stick full of explosives and use the current from the port as a detonator. I'm sure that's already been thought of before.
I thought I remembered reading something about quite a high-profile hack that was carried out by infecting computers by people using USB sticks that were strategically left on the floor of a parking lot near their car.
Well, anything with an electrical connection to anything else is a potential "annihilator" of that latter thing. It's only USB's ubiquity, and its ability to supply significant current to a downstream device, which are capitalized upon here. (The latter, I concede, is useful in implementing a device destroyer, but a small battery could easily enough replace it.)
The security problems with USB are things that need to be fixed.
I think every other non-optical port on your computer is just as susceptible to electrical attack. The only real difference is that USB provides its own power.
This is a human delivery mechanism for a physical attack.
You could make a DVI cable that was covertly a water hose, but that's not a DVI problem.
USB exists in the physical world, of course there are going to be physical attacks (i.e. a crapload of current or voltage) that all physical things are subject to.
[1]: http://www.abc.net.au/4corners/special_eds/20100419/cyber/