The ubiquitous USB ports on our computers have continued to prevail despite challenges from competing interface technologies. We don’t think much about them, except to know that all our gadgets have them, even though the port types on the device end may vary a little. But in the last year or so, some serious security issues are surfacing with these USB ports, and you should be concerned.
Last year, news broke about a BadUSB, a hack that reprograms the embedded firmware on USB devices to give them new, covert capabilities. These hacks easily escape anti-malware detection before there aren’t any files infected. There’s no malware running in the computer per se. The hack is in the embedded firmware of a USB gadget, such as a USB flash drive.
There hasn’t been anything like this before. There’s nothing you can disinfect on your computer. Reformatting an infected USB flash drive will not help. The only solution is to eliminate the malicious code from the device’s embedded firmware.
The advice, then, was to avoid using any USB gadget that you’re unsure is clean. That means, for example, you should not use USB flash drives from other people, and you should not pass your USB flash drives to others or even to use them on other computers. Transferring large files between computers is going to be rather inconvenient from now on.
That’s not all there is to it. This year, we now have a USB Killer flash drive that can, actually, physically damage your computer. Yes, we’re talking about hardware damage such that your computer won’t work anymore.
USB Killer works by charging its onboard capacitors from the USB host device, i.e. the computer, then unloading -220V of juice back to the computer, frying the computer in the process. All it takes is a few seconds. An older version of USB Killer sent down -110V, which can be similarly damaging to any computer.
The scary thing is that USB Killer can look like an innocuous flash drive. You wouldn’t have a clue until it is too late.
Now, you should think twice about picking up any random USB gadget and plugging them into your computer. Not just because they can deliver an undetectable malware, but they can also now send your computer to the graveyard. In fact, you should also be wary about using other people’s USB device, or lending yours to others.
ps: This post came about because I recently had to transfer some large files to another person at work. Coincidentally we didn’t have any USB flash drives on hand, but how convenient that we both had a Mac and could simply transfer files via AirDrop.