This USB stick will fry your computer within seconds

Graham Cluley
Graham Cluley
@
@[email protected]
@gcluley

A Russian security researcher known as “Dark Purple” has created a USB stick that contains an unusual payload.

It doesn’t install malware or exploit a zero-day vulnerability. Instead, the customised USB stick sends 220 Volts (technically minus 220 Volts) through the signal lines of the USB interface, frying the hardware.

USB Killer 2.0

Dark Purple claims in a Russian-language blog post that the attack is not just limited to computers, but can used to incapacitate almost any equipment equipped with a USB drive.

Sign up to our free newsletter.
Security news, advice, and tips.

Want to see the attack in action? Of course you do.

Here is Dark Purple’s video, where he demonstrates how USB Killer v2.0 bricking a Lenovo Thinkpad X60 laptop:

USB Killer v2.0 testing.

Dark Purple says that you shouldn’t worry too much about his broken laptop. He claims that “he will live” and a new motherboard is on the way. He thinks it is “extremely unlikely” that the hard disk was damaged, and so it should still be possible to access the data stored on the drive.

That’s good news, of course, as the data you store on your computer’s hard drive is probably more valuable to you or your business than the hardware itself.

It may also mean that computer criminals, political activists, journalists and whistleblowers, concerned that they might be at risk of having their computers seized, won’t attempt to use this particular technique to keep their data out of other parties’ hands.

So, there you have it. USB Killer v2.0. Yet another reason not to plug a USB stick of unknown origin into one of your computers.


Want to keep up-to-date with my latest rants about computer security? Join over 100,000 others by following me on Twitter at @gcluley, or subscribe to my YouTube channel.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

54 comments on “This USB stick will fry your computer within seconds”

  1. Tony Jenner

    Any suggestions as to how to check the veracity of an unknown USB stick if you don't happen to have a stock of "disposable" computers to hand?

    1. Recon7 · in reply to Tony Jenner

      Sure … lick it and see what happens. ( like the old way of "testing" a 9v battery)

      1. kashmiri · in reply to Recon7

        There is no way. The malicious stick is initially "empty", licking won't show any charge. It then gets charged from the USB port over a few seconds, and then releases the stored charge (via voltage upconverter).

        It's a brilliant way of revenge if TSA agents stop you and want to check the content of your USB drive…

        1. Perfessor · in reply to kashmiri

          Ya, getting detained and going to prison instead of finishing your trip to the Carribean is always the best "revenge" on the government, in my experience.

          Mmm-hmmm.

          1. Mihaitha · in reply to Perfessor

            If they find your stick and ask you what's in it, and you insist it's nothing and not try to read it as it will fry their computer, they have no reason to arrest you. Not that they would have a reason to arrest you if you didn't tell them, they don't have a right to go through your digital data.

    2. kashmiri · in reply to Tony Jenner

      There is no way. The malicious stick is initially "empty", licking won't show any charge. It then gets charged from the USB port over a few seconds, and then releases the stored charge (via voltage upconverter).

      It's a brilliant way of revenge if TSA agents stop you and want to check the content of your USB drive…

    3. TheNH813 · in reply to Tony Jenner

      A USB isolation transformer. They allow USB signals to be sent, but anything over a certain voltage is blocked. Some of them can protect the computer from very high voltages, some over 30000V protection. http://www.amazon.com/gp/product/B005X9YJ00 This one protects up to 4000V. As you can see, at several hundred dollars, it's not cheap. These are used in industrial applications where equipment might break down and fry the computers controlling them. Obviously in those cases, buying a couple hundred dollar isolation device that can prevent damage many times without even needing replacement is the lesser of the two expenses.

  2. Adrian

    Version 2. comes full of thermite and magnesium powder.

    1. mark · in reply to Adrian

      usb can't melt steal beams

      1. Mario · in reply to mark

        The burns.. they are real!

      2. jdubb · in reply to mark

        Why's it matter if the beams were stolen or not?

        Steel beams, on the other hand, sure.

  3. Rusty Shackleford

    What happens if the USB Killer was plugged into a USB hub? Would it simply damage the USB hub or would it continue on and damage the computer motherboard?

  4. Charles Indelicato

    =What happens if the USB Killer was plugged into a USB hub? =

    I would surmise the hub might be damaged to the point that the charge wouldn't reach the motherboard … but I wouldn't test it myself.

  5. Dan Parry

    A very interesting article. You mention that a hard disk drive should be unaffected and the data still readable. Would this be the same for an SSD, or MSata card?

    1. coyote · in reply to Dan Parry

      The researcher suggested that. It's unknown currently, is what I infer from that text.

  6. Pain

    In the wrong hands of a student this could wreak havoc on a school

    1. Akim · in reply to Pain

      So can a hammer, or a spray bottle of water, and a student can get those items for a buck.

      1. Amante · in reply to Akim

        You can't be serious, right? This is much more silent/stealthy meaning it's much more dangerous. You just plug it in, wait, pull it out. It would be way more obvious if you were walking around wrecking shit with a hammer.

    2. Matthew White · in reply to Pain

      that's probably one reason why some places have rules that users may not connect their own devices or the devices must be approved

  7. Spunky

    Where can I order these? Also, how do these get recharged?

    1. TheNH813 · in reply to Spunky

      Actually, the device uses a flyback-style voltage multiplier. Essentially, a very common type of high voltage supply. It's get's it's power from the computer itself, so no recharges ever. Imagine dragging your feet over the carpet, then touching the doorknob. You slowly charge up the longer you do it. Same concept, it takes in power little by little through a voltage multiplier circuit and charges up to 220V using only 5V to start with. Think of it as the opposite of a wall adaptor, wall adaptors take in 120V (or 240V in UK ,Australia, etc), and use a voltage dividing circuit that contains a transformer. Said kind of transformer and driver circuit can be used in reverse to change a standard charger voltage (USB is 5V) and upconvert it to 120V or 240V or anything you can design within physical limits. Then, the USB stick of doom dumps all that power at 220V back into the computer, on the very sensitive data lines, which are only supposed to have 0.4V to 3.3V on them, which obviously is many times it's limit, instantly killing it.

  8. Chris in N.Va.

    So, a sort of Fatal Phallus which will royally screw the unsuspecting user's computer. Further caution that "Safe Computing" means not being promiscuous with unknown "sticks."

  9. Erick

    I would've thought the mainboards had some kind of "fuse" on the data line circuit that would actually set off and render the USB port useless but not affecting the rest of the circuitry. Interesting that they don't.

    1. Tim · in reply to Erick

      Fuses protect against high current, not voltage. If the surge is high enough. The fuse may mean nothing. The damage would be instantaneous. Surge protection would be more appropriate.

    2. David · in reply to Erick

      All the signal lines of the USB port (Data +, Data – and the 5V supply) should absolutely have transient voltage suppression (TVS) devices that are capable of absorbing a reasonable amount of energy up to a high voltage – at least 2000 V to allow for static discharge. The concern is whether this inverter device can dump enough energy into the TVS parts to ultimately destroy them. For example, a short burst of 1000 V is likely to be protected against but a continuous 10V could destroy the TVS parts if the current available is high enough. Once destroyed, the port will no longer be protected and circuitry further into the computer could be damaged.

  10. The Doc

    I would have thought it would only fry the USB controller on the motherboard if it is only supplying excessive voltage into the data lines. They probably did what I was thinking and also once charged send the voltage back up the 5V USB supply. This would fry that regulator and anything that uses the same 5V buss. Don't know if it would make it back to the 5V rail of the power supply. but if it did then it would fry just about everything. There is no real reason to use this unless you really hate someone…Maybe these guys think there is a market for this???
    (And yes if it got to the 5V rail It would also likely fry flash storage devices NVRAM such as SSD's and other USB sticks.)

    1. Isaac · in reply to The Doc

      It would all depend on the hardware you are plugging it into. If it's not USB directly on the MB, then it should blow the controller before it gets that far. But if it's USB Ports directly attached to the MB, it could overload the controller, and fry the entire board.

  11. Really Noone

    AC couple the Tx/Rx lines though an adapter with a shunt diode. There could be a market for a protection from such a device. An adapter which AC couples the Tx/Rx lines of the USB bus with capacitors for high voltage with a combination of shunt diodes., The drawback would be that the transmission speed could be slightly compromised and USB could move the data at bit lower rate. But for checking and protection against unknown USB drives this would be perfect. Once you know the drive is safe, you can remove the adapter and use it without it.

    This is nothing new. This is an old trick we used back in college in 1990's when USB first came out.

  12. Don

    Why would anyone design something that does what this does. Don't the have anything better to do with their knowledge. My friend is right, for the most part people are no damn good.

    1. Walrus · in reply to Don

      To fry their own computer.
      It was clearly shown in the video.
      Did you even watch it?

  13. cassiel

    I've had a Belkin portable USB hub do exactly that to one of my laptops. Didn't require any special hardware at all.

    1. David Payne · in reply to cassiel

      Are you sure it was a Belkin? That behaviour sounds more like a Belkar! (From Order of the [USB] stick).

      I had a (different brand) share-USB-peripherals-between-2-computers hub kill the first & only peripheral I attached to it. I hope the shop didn't put it on the bargain table with "changed mind" or similar on the reason for return label!

  14. Peter Mortensen

    This article is about nothing. It's easy to make a "whatever connector" killer by wiring your AC mains power to the "whatever connector". For example, if you want to blow a 3.5mm audio output, SATA connector, any DC input, Lightning, HDMI, VGA etc. etc. just connect some pins to main power and smoke will come out. If it didn't burn the first time, try some other pins in the connector.
    Also an excellent way to burn speakers is to connect them to the mains power.

    1. Tom · in reply to Peter Mortensen

      Except this isnt charged via mains power (charges over the same USB port its connected to) and is much easier to allow someone else to kill their own computer than passing them a audio jack hooked up to their mains supply.

  15. glen

    Oh boy, is this great!! (to quote Flounder) :)

  16. chaon

    Hmm this is bad for cops and other authorities more than anything. Criminals who do cyber crime have one of them mixed in with normal USB sticks and when they go to collect evidence boom fried motherboard.

    1. dingo88 · in reply to chaon

      This won't faze government goons. They'll just use your tax money to buy themselves new motherboards. After a few fried motherboards, they might even get smart enough to start inspecting the innards of flash drives before plugging them in.

    2. Trevor · in reply to chaon

      Fried motherboard yes fried hard drive no they would just have to plug the hard drive into another computer all there files should be intact

    3. Willy · in reply to chaon

      Yeah, because everyone knows that cyber labs have only one computer, and once that goes, they get laid off.

  17. chris

    does this come in a 10,000 volt hard drive version yet?? turn it on and a loud bang.. blame TSA and get new puter.. muahaha..

  18. David Hitchen

    "It may also mean that computer criminals, political activists, journalists and whistleblowers, concerned that they might be at risk of having their computers seized, won't attempt to use this particular technique to keep their data out of other parties' hands."

    I wouldn't call this a "technique". It's a hardware bomb that fries your motherboard. It costs money to produce each "infection". It doesn't spread. It doesn't produce any financial gain for those who invest in spreading it. My bet is this is the last you will hear of it. I've heard of something much scarier called BadUSB. This technique uses the firmware of a usb device to compromise the security of devices it is plugged into by planting malware.

  19. Jack Straw

    Is there supposed to be a point to this? If it doesn't fry your information, what's it good for?

  20. Jamon

    So what you could also use a hammer if you have access to the PC and that will do a better job of destroying everything or you could pour a bottle of water in it for the same effect. All show.

  21. BiomedSteel

    All you need is a USB hub with an inline fuse. Fuse will pop and no harm will come to the motherboard.

  22. The Hollywood Mag

    Is this a one time use kinda thing or can it be used to fry multiple devices?

  23. William

    Just a guess – didn't you mean USB <i>port</i>, instead of drive? C'mon old boy, it's a gender issue :)

  24. Name, yeah, so what?

    Hmm, posted with scripts disabled, no post seems to have occurred. Local scripts now enabled…

    Didn't you mean USB <i>port</i> rather than drive? It's a gender issue :)

  25. Just me

    @BiomedSteel – Sounds <b>highly</b> unlikely to succeed. The fuse would be on the 5v supply line only. The USB stick puts out the 220v across the Data lines which would not be fused. Don't be so anxious to give out [stunningly bad and VERY expensive] advice :) It's very clear you don't know much about electronics.

  26. Name

    This site exhibits inconsistent behavior when I try to post comments.

    I use NoScript. First comment (from "William") was submitted, but didn't appear. So I told NoScript to allow scripts from this site. Submitted a repeat of the first comment, THEN the first comment did appear – but not the one I'd just submitted. It still isn't there.

    So I went back to disabling all scripts and submitted another comment in reply to BiomedSteel (don't take his BAD advice!), but it didn't appear either. Too bad – taking his advice will STILL fry your device.

    Let's see what happens to this comment… [click]

  27. William/Name/Just me

    @The Hollywood Mag – There is no particular reason this should be a "one-time" thing. It is certainly possible that it fries itself as a result of being used, but kind of unlikely. That would be "bad design" – which would make for a poor example of "evil design".

    It comes down to what combination of values are used for voltage, USB internal impedance, target device impedance. These determine the amounts of current that will flow, which in turn is the main determinant of whether the USB fries itself at the same time as frying targets.

    One thing is certain: if the device's designer *chose* such values as to make it re-usable, then it's re-usable.

  28. Matt A

    Add a hidden switch to make it a proper USB thumb drive and you have a great way to make sure nobody reads your data. Only you know where the switch is and you just have to remember to switch it over before you insert.

  29. Mike

    Where can i get this usb
    Pls reply.

  30. Done It Already

    I've done this, although not up to 220v. I was working on pic microcontroller circuits, using an in-system programmer, to control 120v line voltage. My crappy process was to unplug the programmer, then plug into the wall, and I screwed it up twice before I finally got around to redesigning the circuit. I would forget to unplug the programmer before plugging into the wall, and the usb programmer was still plugged into the computer. First time fried my hub and the keyboard dongle plugged into it, as well as the programmer. Second time fried half the USB ports on my PC. The PC (I believe) had 2 controllers on board, and I'm guessing it fried the one that particular port was plugged into.

    So with 120 ac volts, the computer itself survived and is still usable, and the hub protected the computer (although, I could be wrong and misremember that, but I'm not testing it again). Obviously, this would depend on exactly how the hardware is designed, and it's possible 220 or 10000 volts could jump something that 120v can't, but I'd say that you're not even guaranteed to kill the motherboard. In my particular example, even if you turned around and fried the other half of the ports, nothing stops the owner from installing a third-party controller board (as I did) to get usage back for keyboard and mouse.

  31. activistnoise

    I just wrote an article about that kind of device that is now sold by usbkill.com and i had a chat with the people who are selling that. it is very interesting to see that most of the machines with usb will die almost instantly. Seems that only the last macbook resist to that kind of attacks. They market this usb kill 2.0 as a testing tool for hardware developers and pentesters.
    I wonder how many trolls will buy one just for the fun of it … :/

Leave a Reply to Matthew White Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.