USBs have long been used to infect systems and
to steal data. This is done by first infecting the USB with
customised malware and then running it on the target computer
or system. Where physical access to the target system is not
available, the USB can simply be left within the visibility and reach
of the person managing the system. This social engineering tactic
is very effective even today, and in the majority of cases the system
administrator runs such an infected USB on his system.
Some users also enable the autorun option for removable
media, including USBs. This is a serious cyber security risk, as with
this option the malware automatically starts running and installing
itself. Autorun must be disabled by default by users for security
reasons.
USBs have long been used for corporate and
cyber espionage. Now the USB has also become a tool of cyber warfare, as
it can be customised to cause damage rather than merely corrupting the
system. A Russian hacker/researcher created
a USB that can crash the victim system once the modified/hacked USB
is plugged into it.
The researcher, nicknamed Dark Purple, hacked
a standard USB stick and installed an inverting DC-DC converter and
some capacitors bought from a Chinese website. When the USB is
plugged in, it charges the capacitors to -110V before shutting down.
Next, a transistor discharges the stored electricity through the USB
port’s data pins. This continues until the capacitors are down to
-7V, at which point the DC-DC converter is switched back on and
begins to recharge the capacitors for the next cycle.
The basic idea of the USB drive is quite simple.
When it is connected to the USB port, an inverting DC/DC converter
runs and charges the capacitors to -110V. When that voltage is reached,
the DC/DC is switched off. At the same time, the field-effect transistor
opens. It is used to apply the -110V to the signal lines of the USB
interface. When the voltage on the capacitors increases to -7V, the
transistor closes and the DC/DC starts again. The loop runs until everything
that can break has broken down.
USB ports are typically well protected from
electrical attacks, but the inverting
DC-DC converter gets around these defenses and eventually
overloads them, damaging the PC’s sensitive inner electronics.
Clearly, cyber security and the defence against cyber warfare have to
be moved to the next level, as present-day safeguards are not
enough to ward off these customised and stealthy cyber attacks.
Source: Global
Techno Legal News And Views.