Computers & Car Electronics Fried By USB Attack

A variety of computing and mobile devices, including in-car electronics, are vulnerable to a USB-based attack that renders them inoperable with an electric shock.

The attack is possible because the engineers designing many systems don’t include surge protection in USB ports, according to a Russian IT security researcher using the pseudonym Dark Purple.

Car tests

Last year he began selling a device called USB Kill, now in its second version, and in a recent blog post he disclosed that “at least three” car manufacturers have purchased the device.

USB Kill, which resembles an ordinary USB key, includes built-in capacitors that absorb power from the port and then sends a charge of up to 220-240 Volts through the device’s data connection.

Dark Purple also supplies a test unit that indicates whether power is being received from the device being tested, without damaging the unit.

The device, which sells for 50 euros, is aimed at penetration testers.

In a test on his own car, whose make was not disclosed, Dark Purple demonstrated that plugging the gadget into a USB port immediately disabled the dashboard computing and display system.

“While the car we tested is a dumb-car (now even more dumb), ‘smart’ cars and connected cars could lose vital systems,” he wrote.

Tablets, laptops fried

Dark Purple has published videos demonstrating the vulnerability of devices such as Lenovo’s ThinkPad laptop, and third-party videos have shown that devices such as smartphones and gaming systems are vulnerable.

Testers released videos in which a new MacBook Pro laptop, Google’s Pixel smartphone, a Nexus smartphone, Microsoft’s Surface tablet, a Sony PlayStation 4 and an Xbox One S were destroyed by an electric charge.

Other devices fared better, including Apple iPhone and Samsung Galaxy smartphones, an older iPad and a pair of Beats headphones.

In one test the screen of an iPad Pro went black and displayed flickering colours when USB Kill was attached, but when it was removed the tablet functioned as normal, while in another test the charging and data port of the Samsung Galaxy Note 7 was rendered inoperable while the device itself continued to operate.

Some devices are unaffected because they don’t supply power through their USB ports, while others, such as batteries with USB connectors, don’t receive a shock because they don’t include data lines, researchers said.

Thus far no testers are known to have tried out the device on the entertainment systems commonly built into airplane seats.

Do you know all about security in 2016? Try our quiz!