Comments on: Exploding USB Sticks
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html
Tue, 28 Mar 2023 02:32:08 +0000

By: ResearcherZero
Tue, 28 Mar 2023 02:32:08 +0000
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html/#comment-419932

The article probably references power design of the device. It’s up to the device manufacturer how to implement the design if it wants to add explosives.

Upstream USB connectors supply power at a nominal 5V DC via the V_BUS pin to downstream USB devices.
https://en.wikipedia.org/wiki/USB_hardware#Power

“When a device doesn’t recognize the faster-charging standard, generally the device and the charger fall back to the USB battery-charging standard of 5 V at 1.5 A (7.5 W).”
‘https://www.pcmag.com/how-to/what-is-fast-charging

‘https://www.techspot.com/news/52321-usb-30-superspeed-update-to-eliminate-need-for-chargers.html

specifications
‘https://www.usb.org/documents?search=&type%5B0%5D=55&items_per_page=50

“five Ecuadorian journalists have received USB drives in the mail from Quinsaloma. Each of the USB sticks was meant to explode when activated.”

By: R. Cake
Mon, 27 Mar 2023 09:30:06 +0000
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html/#comment-419871

@Nimmo “the war against the people of the Donbass” …oh wow. Selective perception is a powerful tool indeed – to trick yourself. However, remember that it does not work at all to change reality.

By: Clive Robinson
Sun, 26 Mar 2023 02:49:12 +0000
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html/#comment-419832

@ soothsayer, ALL,

“Either the cops are clueless that they measure explosives in volts or this is just another one of these make up news items for a slow day.”

I’d go read it again…

As presented above,

“the flash drive that went off had a 5-volt explosive charge and is thought to have used RDX.”

Is the journalist / editor’s words, not that of the “police official”. Who they then directly quote with,

“can be used alone as a base charge for detonators or mixed with other explosives, such as TNT.”

The journalist / editor then goes on to make another mistake (1cm).

We’ve seen such issues in the past with journalists basically making statements that are not even close to being scientifically accurate. I’ve even moaned about three or four such journalists on this blog in the past.

By: soothsayer
Sun, 26 Mar 2023 00:29:19 +0000
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html/#comment-419824

5V-Charge! That’s a novelty in itself, and reporter’s first name Lenin - can’t make this stuff up.
Either the cops are clueless that they measure explosives in volts or this is just another one of these make up news items for a slow day.

By: Nimmo
Sat, 25 Mar 2023 02:14:18 +0000
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html/#comment-419789

@SoWhatIf that’s already implemented in the ‘Rubber Ducky’, which is a commodity product.

On the other hand - if you’re not careful - maybe the keyboard/mouse payload you program in leaves some obvious traces... at its simplest, let’s say you program in something that’ll type
WIN+R
powershell
LEFT ARROW
ENTER
PAYLOAD
ENTER
ALT-F4

The aftereffects of that might look a bit odd if it runs at a login screen, instead of on a logged in PC, no? Let alone if CMD and POWERSHELL are blocked from launch by regular users.

I expect that the likes of the NSA and the MSS have implemented similar hardware, but with LoRaWAN type radios, and much more capable processors and payloads.

If I was working in the national intelligence services of the African countries that the US is targeting for regime change for refusing to support the war against the people of the Donbass, I’d be trying to find a good way to monitor for things that look like DisplayLink USB video type devices just suddenly showing up and having Windows automatically install drivers at 3am, right as some US ‘diplomat’ arrives and parks outside a government building to relay back to Fort Meade so the creeps there can test different payloads and make sure they don’t leave obvious traces behind by watching the mirrored video… before deactivating the fake video display to make sure it isn’t noticed.

By: Nimmo
Sat, 25 Mar 2023 01:56:06 +0000
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html/#comment-419788

Maybe the oligarch who runs Equavisa should stop supporting Ecuador’s Pinochet, Guillermo Lasso? The people that filthy neoliberal impoverished tend to be quite angry about it.

By: 1&1~=Umm
Sat, 25 Mar 2023 00:00:06 +0000
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html/#comment-419784

@ SoWhatIf…,

“What takes a shoebox today used to take a suitcase, and tomorrow will take a matchbox.”

Whilst tech used to get smaller at a significant rate, other things don’t.

The amount of “bang you get for your buck” or more precisely your mix of chemicals does not increase very much.

Worse, even though we do know of chemicals that will release more energy, that does not of necessity result in more bang/blast (thermite for instance). Also those that do release more energy tend to be a lot less stable, to the point just sunshine falling on some will cause them to go pop or worse…

By: SoWhatIf...
Fri, 24 Mar 2023 21:16:51 +0000
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html/#comment-419778

Tech always improves. What takes a shoebox today used to take a suitcase, and tomorrow will take a matchbox.

What stops somebody from putting a USB-hub inside a USB-drive? And also a normal USB drive, hooked up so it all looks clean & right when you plug it in? And also a microcontroller emulated keyboard & mouse, that will power up after a time delay so nobody notices?

Looks just like a regular USB drive, both physically and on your computer. Only now somebody can do anything on your computer that you can do, including type in a computer program and run it.

Malware isn’t the only worry.

By: iAPX
Fri, 24 Mar 2023 20:09:28 +0000
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html/#comment-419775

@ALT

In fact you need low-tech and burner devices (plural is not an error).

Attacks could come from the USB high-level protocol (and physical too if firmware is backdoored at this level!) targeting firmware and OS, and encapsulated protocols (say keyboard for example) targeting their support on the OS (or a backdoor on USB firmware), so this is at least one step, and a burner device.

Then with full data contained on the USB Key (all blocks), you might still have a Boot-record MBR/GPT/etc. attack, an UFI/UEFI attack, a filesystem attack.
You need a burner at this point.

Then you have files, including one containing all the blocks of the initial USB Key to ensure integrity and ability to analyse and audit, your OS might launch some of them, and if not for your OS, they might be targeting your antivirus, for example Microsoft Defender had a “bug” (we say backdoor in my team) enabling local execution at the highest level.
So another burner device, you should at least convert those files into a safe format that could not be executed as-is in any way.

And it’s just a resume, without further details (16550 UART for example), it is somewhat very difficult to avoid propagating attacks up to your own computer or system.

By: ALT
Fri, 24 Mar 2023 19:44:42 +0000
https://www.schneier.com/blog/archives/2023/03/exploding-usb-sticks.html/#comment-419773

@iAPX

Yes, firmware is a problem – I should have written “would not be too dumb”.

So, maybe it’s harder to make an exploding CD/DVD?