USBs have been used for long to infect systems and to steal data. This is done by first infecting the concerned USB with a customised malware and then running the same on the target computer or system. Wherever physical access to the target system is not available, the USB can be simply left within the visibility and reach of the person managing such system. This social engineering tactics is very effective even today and in majority of cases the system administrator runs such infected USB upon his system.
Some users also allow autorun option for the media outputs including USBs. This is a serious cyber security risk as the malware would automatically start running and installing with such an option. By default autorun must be disabled by the users for security reasons.
For long, USBs have been used for corporate and cyber espionage. Now USB has also become a tool of cyber warfare as it can be customised to create damage rather than corrupting the system. A Russian hacker/researcher created a USB that can crash the victim system once the modified/hacked USB is plugged into it.
The researcher, nicknamed Dark Purple, hacked a standard USB stick, and installed an inverting DC-DC converter and some capacitors bought from a Chinese website. When the USB is plugged in, it charges the capacitors to -110V before shutting down. Next, a transistor discharges the stored electricity through the USB port’s data pins. This continues until the capacitors are down to -7V, at which point the DC-DC converter is switched back on, and begins to charge the capacitor back for the next cycle.
The basic idea of the USB drive is quite simple. When we connect it up to the USB port, an inverting DC/DC converter runs and charges capacitors to -110V. When the voltage is reached, the DC/DC is switched off. At the same time, the filed transistor opens. It is used to apply the -110V to signal lines of the USB interface. When the voltage on capacitors increases to -7V, the transistor closes and the DC/DC starts. The loop runs till everything possible is broken down.
USB ports are typically well protected from electrical attacks, but the inverting DC-DC converter gets around these defenses – and eventually overloads them to damage the PC’s sensitive inner electronics. Clearly cyber security and the defence against cyber warfare have to be moved to the next level as present day’s safeguards are not enough to ward off these customised and stealth cyber attacks.