Based on related experience...
The USB power outlet (the associated power supply) on the aircraft would be specifically designed to avoid passing on any such nonsense to the aircraft power bus.
Hackers are destroying everything from the latest gaming systems, phones, and even cars with a dangerous circuit-frying USB device that could put critical systems at risk. The -220V USBKill device developed last year and since refined is an inconspicious USB stick that can ruin devices in seconds by delivering continous power …
You would hope so. But rules in regards to aerospace are usually put in place from "tombstone" regulations.
Basically someone has to use this USB device killer on the plane, and the plane needs to crash and people need to die before the aircraft companies and the FAA sit up and demand this be stopped. Otherwise you're paying money to prevent something that might never happen from happening.
That's what Air Crash Investigation taught me anyway.
Totally with you on that one, you must be at the top of your game....presumably heading up tech for say Airbus or Boeing with special focus on security and safety.
That'll be why a researcher was banned from a plane after accessing flight control systems from the in-flight entertainment system.
You can't just blindly assume that because it's tech someone has thought about it...just look at Tesla and their issues...they have been a tech company stepping into car manufacturing as opposed to Boeing and Airbus who are aviation companies who have tried to embraced tech.
That'll be why a researcher was banned from a plane after accessing flight
control systems from the in-flight entertainment system.
I think you will find that 'exploit' is an urban myth since the two systems are not interconnected in any way.
I think you'll find it's a little more complicated than that. (Read the whole article.) http://www.zdnet.com/article/a-practical-history-of-plane-hacking-beyond-the-hype-and-hysteria/
And I think you need to read the article again.
It's EXTREMELY well-worded and selective in its quotes but at no point has anyone said that you can touch, interfere, modify or access the critical systems at all. Sure, you can take out the in-flight movie and maybe get "admin" access to it. But you still can't modify the autopilot or anything else.
And to do so, required a special filing from Boeing which was subject to scrutiny of a kind approaching "Sure, but only if it's impossible to interfere with the flight systems" at which point it was abandoned.
It's extreme hyperbole, but it still boils down to "Roberts and other researchers have demonstrated methods for hacking into onboard computer networks used to operate in-flight entertainment systems.", The biggest risk there is that you might miss out on seeing Snakes On A Plane.
I wouldn't call it an 'engineering design shortcut' since the design and the product were never intended or expected to deal with a lunatic putting 220V onto the USB lines. Maybe expectations and specifications will be modified from now on. Does anyone think that a 5kV isolation requirement is overkill?
Some men just want to watch the world (your devices) burn. The troll in me chuckles a little but no way I ever buy one of these things because guarantee it ruins your shit first and only (if you have any moral compass at all). And if you don't the law often can't handle new tech well but destroying other people's property has been codified in law for quite some time now.
This post has been deleted by its author
Simple 'Crowbar' circuit or (MOV) varistor on data lines!
Although normally invisible to a power circuit until an over voltage event, I don't know how they may effect signals at high frequencies even though they are not in series, have low capacitive/inductive properties. They are very small, so could be attached directly to the socket.
I wonder how long one of these USBKill devices would survive being essentially shorted out?
MOVs and Zeners will protect against static discharge, but for real reliability (e.g. Intrinsic Safety) they then need to be protected against sustained overload with fuses, creepage and clearance distances, infallible connections, optocoupler "Distance Through Insulation"... It gets expensive.
Also, I've seen computer interface chips on motherboards explode when they are pushed into latch-up by inappropriately high currents (>15mA) through their inbuilt protection diodes.
I don't think I've ever seen a port technology which is entirely optically isolated on a common device. For some things, I doubt it's even possible given their speed.
But seriously:
- Serial ports. Okay, I've seen optically isolated, but never on a PC or home device, only on geek interfacing kits.
- Parallel ports. Same.
- VGA. Nope.
- DVI. Nope.
- HDMI. Nope.
- PS/2. Nope.
- SD card. Nope.
- SATA / eSATA. Nope.
- Docking stations. Nope.
- Firewire. Nope.
- DisplayPort. Nope.
- Ethernet. Nope (and that often carries PoE!).
- Headphone / audio sockets. Nope.
- Phone handset curly-cords. Nope.
- Telephone lines. Nope.
About the only one is TOSLink and that's because it's an optical connection.
You can't just go around putting humongous voltages down copper pins and then be surprised when things blow up. Sure, you can fuse it, reduce the damage, etc. but you'll still kill devices before the fuse goes, especially if you're being just-that-silly with trying to deliberately damage things.
It's ridiculous to suggest these should all be optically isolated. Public kiosks / airplanes? Yes, if you offer ports they should be locally fused and they WILL be on separate circuits anyway (otherwise you have a flight-control / in-cabin wiring violation immediately - even fusing the entire cabin should not affect anything to do with the safety of the plane). But opto-isolating every seat? No.
I bet almost all my home appliances can't suffer the same - GAS BOILERS DANGEROUS BECAUSE IF YOU PUT 20kV DOWN THE THERMOSTAT CABLE, THINGS COULD GO WRONG.
No shit, Sherlock. Don't do that.
MIDI is optically isolated, and its cousin DMX, which is used in a similar manner but for lighting and other stage effects. Your point stands, though - I haven't seen it built into a PC since the Atari ST. The common approach on PCs was to have a MIDI break-out box attached to the game port.
For that matter, IrDA is optically isolated, but again, it's been almost entirely supplanted by BlueTooth, and hasn't been common since the old Nokia days - when people only ever seemed to use it for playing two-player Snake.
Thunderbolt started off as 'LightPeak', with the intention of using fibre optic interconnects. However, a copper cable solution was cheaper, and also perhaps the thinking was that consumers would find power delivery more useful than long fibre optic lengths.
It's ridiculous to suggest these should all be optically isolated.
USB ports are different from those other examples:
1) Those other interfaces are not used for massively common and cheap devices, that people routinely plug into their systems when they find them lying around.
2) Those interfaces are not normally shared, where plugging a bad device into one port can damage other devices other people have plugged into other ports (as is common in charging stations).
Right. Galvnaic isolation does have to be optical, it can be magnetic or acoustic or hydraulic or ???. The Ethernet spec says both ends have to be galvanically isolated and have to provide fairly high level of isolation -- IIRC around 1-2KV. In practice, copper Ethernet interfaces are transformer coupled.
In other news, man destroys PC by flicking PSU switch to 110V and plugging it in to UK 240V power socket. (I've seen far too many early Dell dimension desktops that have gone pop like this working at a transatlantic company!)
Any interface can, if you connect to it inappropriately, potentially cause damage. Heck, I blew up a Sinclair ZX Spectrum in 1 second by swiping a screwdriver over the edge connector at the back of the device causing a spark and blowing something up inside. (Mum and Dad got it replaced under warranty - it blew up? No idea why.... )
In other news, man destroys PC by flicking PSU switch to 110V and plugging it in to UK 240V power socket.
Cheap PSUs...
Many years ago a colleagues DEC VT220 terminal blew it's fuse after a few months of use. No-one could see an obvious fault, so the fuse was replaced. It blew again after a week or so. At that point someone finally noticed the voltage selector set at 110v. It was reset to 240v, the fuse replaced, and the terminal continued to function for years. Tough kit.
"Any interface can, if you connect to it inappropriately, potentially cause damage."
Indeed, I'm struggling to see how this counts as news. Plugging a 220V power source into something not designed to have a 220V power source plugged into it will screw things up. Try doing the same to a 3.5mm audio socket or your printer's data port and see how well things go. Other than the usual "Don't plug random electronic devices you found lying around on the floor into your computers" advice, there's really nothing of interest to see here.
So many people here seem to be missing the point. It's not about the result of shoving high voltages where they shouldn't be. It's abou the ease and speed with which this can be carried out, and how many devices are potentially at risk.
Imagine, you can walk into Currys, whack this into a port, and leave likely unnoticed having just destroyed equipment of high value.
It's effectively the electronic equivalent of a can of spray paint. But even more discreet.
"So many people here seem to be missing the point. It's not about the result of shoving high voltages where they shouldn't be. It's abou the ease and speed with which this can be carried out, and how many devices are potentially at risk.
Imagine, you can walk into Currys, whack this into a port, and leave likely unnoticed having just destroyed equipment of high value."
And how exactly is this any different from doing exactly the same with a headphone jack, HDMI plug, or other common interface? The only difference with USB sticks is that idiots are more likely to plug them in themselves if they find one lying around; if all you want to do is damage equipment in a shop, a power source connected to the plug of your choice will do exactly the same job, and would have done so just as well 30 years before USB was even imagined.
(Mum and Dad got it replaced under warranty - it blew up? No idea why.... )
That's what concerns me about the bright spark in the video. He mentions he's going to "send it back this time" (about the 14:10 mark) in reference to the zapped Galaxy so I can't help but wonder if he's not just destroying this stuff and returning it which drives up the cost for everyone.
"One notable lunatic nuked a brand new MacBook Pro, Google Pixel, and a Samsung Galaxy S7 Edge ..."
If he did them all within a short space of time (*) then some collaboration between Apple, Google and Samsung might be able to identify who it is. (* Or even a fairly long period. How many people have bought all three of those and returned them under warranty almost immediately?) Perhaps El Reg could contact all three companies and spin some line about wanting to write the story of how they joined forces to identify the fraudster.
This biggest threat these things pose I think, it not people maliciously plugging them in themselves, but the fact that due to their size they could easily be placed inside the housing of many models of USB flash drive. It would take minimal work in many circumstances then, to swap someones genuine USB flash drive for a disguised USBkill device.
Why should 50kV be a problem for a person? You can get that much stroking a cat and then touching a metal stair railing. People have died from as little as 42 volts of direct current (I assume he was very wet) and only 200 milliamps reaching the heart is fatal - but AFAIK this device isn't 'live' all the time, it requires a USB negotiation first, which your fingers won't provide. If it is live all the time, the 220v version might already be lethal if you used it in a bathtub.
Plus, it isn't the current/power that is killing devices, it is the voltage. Most ICs don't react well to a lot of voltage. Overcurrent can be a problem, but you'd need a dozen amps sustained for more than a few seconds before you have to worry about hitting fusing temperatures for the traces likely to be used inside.
The power is only a problem if it is actually charging the battery, and more power is directed to the battery than the charging circuits can handle. If a device is so broken as to accept whatever power comes in a USB port and direct it to the charging circuits, there's no hope for it.
You could install TRIAC crowbars capable of stopping 10000 Amp surges only to have an immature individual prove that it's still not resistant to screwdriver prying.
I used to repair vending machines. People will always find a way to break something. If there's a break-away mount to shield something from excessive mechanical shock, people will break that. If all else fails there's chewing gum.
My local bus company recently upgraded their buses with WiFi, USB charging and 3 pin power sockets. The charging speed strongly suggests they isolated the USB ports (with string instead of conductors).
Took just days to discover using hair curlers in the power sockets crashes the bus electronics...
@Paul Shirley
I think I know where you live, my local company did the same thing. Didn't know about the hair curlers though. Maybe it is just me but I would treat an unknown charging port the same as an unknown device, dont go sticking things in there, it wont be pleasant.