Almost anyone outside of really young infants know what tasers are. Bzz-bzz! Buzz-Buzz! Yes, I'm talking about the bee-sting of high voltage current that can paralyze a criminal in their tracks, stopping them without doing permanent harm. That is how most people see the use of a taser; a non-lethal weapon that can be used to stop the "bad guys". However, bad guys might soon be using the technology against us, with a new exploitation of USB ports, to tase NOT humans, but our computers and sacred data.
The newly discovered vulnerability affects all USB ports that are on the market, and was discovered by a whitehat (friendly) hacker by the name of Dark Purple. In his freshly uploaded video, he shows his proof of concept in action, inserting the "taser flash drive" into an old laptop, and watching within 2 seconds as it tases the laptop, shutting it down and killing it. There is a chance that this tase of electricity will also destroy data, but the probability is not known.
But how does it work, and how can it be stopped? Well, let's tackle one of those questions. The process starts with the flash drive being plugged into the USB port on the computer. From there, the USB port send a small, harmless -7 volt charge begins to trickle into the flash drive, but instead of powering memory modules like a normal flash drive would, it begins to feed this power to many capacitors. Imagine this process as charging the "battery"....
/cdn0.vox-cdn.com/uploads/chorus_asset/file/4160920/x35f4eb29b9.jpg.pagespeed.ic.Xafh6O4gsk.0.jpg)
Once the capacitors build this voltage to -110 volts, it stops charging and shoves all of this current back into the laptop, causing a huge electrical current spike inside the computer. Since computers were only built to input roughly -7 volts, one could imagine the computer does not take this spike well. It causes component damage, mostly on the mainboard, CPU, and RAM, but could also hurt the hard drive. However, after it does this process once, it begins charging its capacitors again, before unleashing this critical -110 volts on the computer again. It does this, hundreds of times a second, thus, within mere seconds, the computer is killed, before the user that plugged it in even realized what was happening. Nothing like a flash drive frying an expensive computer. Many people are aware of flash drives sometimes containing viruses, and we've come up with antivirus programs to combat this, but this flash drive is the Black Plaque of flash drives. Plug it into a Windows desktop, an Apple Macbook, or even a Linux machine: it will slay all of them, with no sign of giving mercy.
But how can we protect against this problem? Do we have to be scared of every flash drive we touch from this day onwards frying our electronics? Shall librarians fret and chew nails over students frying IMC computers? Well, the simple answer is, no. At least, not yet that is. Only one of these prototypes have been made, and as far as the community is concerned, Dark Purple is not planning on manufacturing these flash drives for the public to wreck havoc in the world. He has merely published his results on the internet to inform of the vulnerability. While he has not published any diagrams or exact building instructions, it won't be long until an electrical engineer somewhere in the population of 7 billion people on our planet is able to replicate the same idea into a similar compact design and fulfill what Dark Purple has refused.
The only protection we face from this issue is future protection. Computer manufacturers will need to integrate voltage regulators on the INCOMING voltage for USB ports, ensuring that if a high voltage spike is to be received, it can be down-volted to a more manageable current that won't harm internal components. However, for all other devices that are already out on the market, we shall hope that landfills and recycling centers are not filled to the brim with tasered computers in the coming years.
-677 words
But how can we protect against this problem? Do we have to be scared of every flash drive we touch from this day onwards frying our electronics? Shall librarians fret and chew nails over students frying IMC computers? Well, the simple answer is, no. At least, not yet that is. Only one of these prototypes have been made, and as far as the community is concerned, Dark Purple is not planning on manufacturing these flash drives for the public to wreck havoc in the world. He has merely published his results on the internet to inform of the vulnerability. While he has not published any diagrams or exact building instructions, it won't be long until an electrical engineer somewhere in the population of 7 billion people on our planet is able to replicate the same idea into a similar compact design and fulfill what Dark Purple has refused.
The only protection we face from this issue is future protection. Computer manufacturers will need to integrate voltage regulators on the INCOMING voltage for USB ports, ensuring that if a high voltage spike is to be received, it can be down-volted to a more manageable current that won't harm internal components. However, for all other devices that are already out on the market, we shall hope that landfills and recycling centers are not filled to the brim with tasered computers in the coming years.
-677 words
No comments:
Post a Comment