11

You may have seen the article This USB Drive Can Nuke A Computer where it shows how a flash drive shaped device can completely fry out all the components of a computer. This is very shocking (pun intended) for me as an Internet cafe owner.

But what's even scarier is the thought that someone could do this same attack over the local Ethernet cables and take out all my computers including my router without looking that suspicious.

My question is: Is the USB flash drive attack also possible over Ethernet and if so, will it affect all my computers.

Also, is there anything I can do to protect against the fake USB flash drive/Ethernet attack?

David
  • 4,504
  • 2
  • 25
  • 44
user3900751
  • 121
  • 1
  • 7
  • 9
    You protect yourself from those things the same way you protect your computers from a sledgehammer... – PlasmaHH Apr 24 '15 at 07:54
  • 6
    @PlasmaHH Shooting everyone who comes close? – Mast Apr 24 '15 at 11:05
  • 2
    Side note: I blew up my computer when I accidentally applied +24v to the +5 USB rail. Took out the motherboard, keybaord, and mouse. – CurtisHx Apr 24 '15 at 15:20
  • Original EWnglish language source of this device is [here](http://kukuruku.co/hub/diy/usb-killer). I have my reservations as to its authenticity, but the bottom side view does provide an indication that it might be real. | I've been told that, in a somewhat troubled country farish away from most people who read this the favoured means of attack of alarms systems is to use a cattle prod / stun gun / TASER ... like device to apply 'EHT' to any external alarm accoutrements such as a meant-to-be-flashing light nd external siren. The thoughtfully owner-provided alarm wiring takes the 10's of kV... – Russell McMahon Apr 29 '15 at 10:49
  • ... to where the alarm electronics used to live until a moment ago. The man who to;d me this says that his (and others') response is to use a 'honey pot' dummy alarm scheme which is monitored wirelessly for ongoing signs of life. If it dies then the real alarm kicks in. | Protection against the sort of zapper described in the article is achievable either on USB or ethernet or other hard wired circuit. The energy levels and voltages from a cattle prod or even an ignition coil would be harder to protect against. Due to size issues you may have to package it as an external hard drive :-). – Russell McMahon Apr 29 '15 at 10:54

3 Answers3

28

Long before USB there was the Etherkiller. And yes, it can fry your equipment. But unless you have bargain-basement (and I mean real sh*t equipment, not just inexpensive) stuff it won't affect any further devices connected to it.

enter image description here

Ignacio Vazquez-Abrams
  • 48,282
  • 4
  • 73
  • 102
  • 8
    Wow that thing is scary – user3900751 Apr 23 '15 at 21:43
  • 2
    +1 for the link. I always wanted an etherkiller, I administer part of the network at my university and people keep magin loops... that would teach them. – Vladimir Cravero Apr 23 '15 at 21:49
  • 5
    If your switches can't handle simple loops, you should consider replacing your switches instead of frying equipment that does not belong to you. (even though that cable will probably not even affect the machine; it's more likely to shock the person handling the RJ45 bit) – sleblanc Apr 24 '15 at 01:55
  • 3
    @sebleblanc which is why you plug in that end first. – user253751 Apr 24 '15 at 23:10
  • and before this there was the Blotto Box. – Alistair Buxton Apr 25 '15 at 02:43
  • I'm not sure that the "quality equipment" argument works here in terms of protecting your ethernet port. The damage may be limited if the isolation holds, but if you have 120V across the signal transformer windings, I can't imagine them surviving for long. – W5VO Apr 25 '15 at 16:34
  • @W5VO: You should definitely consider any piece of equipment you plug this into to be a complete loss. But it shouldn't affect devices plugged into the other ports. – Ignacio Vazquez-Abrams Apr 25 '15 at 16:43
18

Ignoring that the article referred to a 'field effect resistor,' the drive is purely a hardware attack, not a software one. Really, there is nothing to stop the user from wiring main voltage to any output port either. It is generally agreed in security that if an attacker has physical access, you are out of options, the same could be said for physical damage as well.

Jarrod Christman
  • 1,059
  • 8
  • 17
10

The USB device shown in that article can only damage the computer it's physically plugged into.

Ethernet ports are isolated and protected from -48V telecoms power, totally different than a USB +5V power circuit. I should point out that the 48V Ethernet is for POE (Power over Ethernet) systems. In lower voltage signal-only systems the signals are +-2.5V but the magnetics are usually still there.

The -48V ethernet signal is also differential driven, and the RJ45 jack in modern times has magnetics built in to isolate the computer circuitry inside from potentially volatile external connections. The circuitry which goes from the RJ45 jack to the ethernet controller usually has some serious protection circuitry built in, far more so than USB which is mostly just a ESD diode and a resistor or two.

The Ethernet controllers are designed to take a beating, AND isolated from the external inputs - these make something like dangerous signal injection by a small portable device very difficult to achieve. USB on the other hand is very fragile and computers are not built to expect these sorts of conditions. Either way, if someone attacks your ethernet socket it will not damage other computers, assuming that was the only ethernet connection on the same ethernet board. If you have a dual ethernet card, one socket being flashed-over with many hundreds or kilovolts may jump over to, and damage, the other connected device.

Seeing that Etherkiller is freaky, but that is not a small portable device, it's requiring a power socket spare nearby.. I guess someone sneaky can always blow stuff up - get insurance to be covered no matter what amazing devices are invented to hurt your business...

KyranF
  • 6,248
  • 16
  • 25
  • 11
    Please don't add "Edit:..." to the bottom of your answer. You just wasted a bunch of my time fact-checking your claim that Ethernet uses 48V and then I find that you already know it's only partially true. Almost everyone who reads your answer will read it *after* your edit so optimizing it for people who read it in the first 49 minutes makes no sense. Please edit it to make it read sensibly and linearly. – David Richerby Apr 23 '15 at 22:43
  • @DavidRicherby okay, no worries mate! Didn't mean to waste your time, but hey maybe you are more knowledgeable for it? – KyranF Apr 23 '15 at 22:47