MG's Mr Self Destruct project takes the USB Killer to new levels, combining a $1.50 system-on-a-chip with a variety of payloads: smoke bombs, "sound grenades," and little explosives, cleverly choreographed with keystroke emulation, allowing the poisoned drive to first cause the connected computer to foreground a browser and load a web-page that plays an appropriate animation (a jack-in-the-box that plays "Pop Goes the Weasel" with the drive's explosive detonating for the climax).
Read the rest
Mich from ha.cking bought a $25 "S8 data line locator" device -- a cellular spying tool, disguised as a USB cable and marketed to the general public -- and did a teardown of the gadget, offering a glimpse into the world of "trickle down surveillance" where the kinds of surveillance tools used by the NSA are turned into products and sold to randos over the internet for $25.
Read the rest
BadUSB is bad news: malware that targets the firmware in your USB port's embedded system, bypassing the OS, antivirus software and other countermeasures. Read the rest
Prolific and dramatic security researcher Samy Kamkar (previously) has unveiled a terrifying device that reveals the devastating vulnerabilities of computers, even when in sleep mode. Read the rest
For €49.95, you can own a "USB Killer" that "instantly and permanently disables unprotected hardware" with a 200V DC shock. The €13.95 USB KILLER TESTER
is a shield that blocks the killer from actually delivering its voltage to your machine (buy the tester, get the killer for half price). (via Schneier) Read the rest
Samy Kamkar has a proof-of-concept attack through which he plugs a small USB stick into an unlocked Mac OS X machine and then quickly and thoroughly compromises the machine, giving him total, stealthy control over the system in seconds, even reprogramming the built-in firewall to blind it to its actions. Read the rest
After a redditor claimed to have gotten a computer virus from factory-installed malware on an e-cig charger, the Guardian reported out the story and concluded that it's possible. Read the rest