As a security researcher it saddens me that a device like this is being marketed as anything of use in a pen-test. It is at the end of the day a destructive device and nothing more. It's a device to physically destroy computing platforms and is otherwise useless in the demonstration of any threat vector which can be reasonably mitigated. "But wait, it shows a lack of surge protection in USB implementations and manufactures should take steps to include that level of protection" you might say. Well, no. This is an edge case and one which cannot be solved.
In the real world, surges of this nature on a USB buss only happen as a result of a device like this and from nothing else. Yes, there are power surges, but those are typically from the AC power grid feeding your home.
Ultimately, if a malicious actor is willing to plug a device into a USB port which through the introduction of high voltage into the buss will fry the hardware there's nothing that can be done.
Today this device introduces a 200V spike; however, there's nothing holding it back from doing a 2,000V spike or even a 200,000V spike. There are no technologies available today which can stop high voltage from frying computers because at some point, with high enough voltage not only will the MOV or TVS diode burn out, but the voltage will arc to other components.
Making dubious claims that manufacturers can take steps to mitigate the risk is well, dubious. It's like claiming we must all buy protective clothing because we could be tazed while ignoring the fact a tazer proof shirt leaves a fair amount of the body still exposed. This is not a legitimate pen-testing tool, it is a destructive device. Is it good to know that it's possible for someone to fry a computer via the USB buss? Yes it is because that knowledge could be used to catch a miscreant. Is use of this device any different than smashing a computer, kiosk, or point of sales terminal with a baseball bat? No, it's the same.
In the real world, surges of this nature on a USB buss only happen as a result of a device like this and from nothing else. Yes, there are power surges, but those are typically from the AC power grid feeding your home.
Ultimately, if a malicious actor is willing to plug a device into a USB port which through the introduction of high voltage into the buss will fry the hardware there's nothing that can be done.
Today this device introduces a 200V spike; however, there's nothing holding it back from doing a 2,000V spike or even a 200,000V spike. There are no technologies available today which can stop high voltage from frying computers because at some point, with high enough voltage not only will the MOV or TVS diode burn out, but the voltage will arc to other components.
Making dubious claims that manufacturers can take steps to mitigate the risk is well, dubious. It's like claiming we must all buy protective clothing because we could be tazed while ignoring the fact a tazer proof shirt leaves a fair amount of the body still exposed. This is not a legitimate pen-testing tool, it is a destructive device. Is it good to know that it's possible for someone to fry a computer via the USB buss? Yes it is because that knowledge could be used to catch a miscreant. Is use of this device any different than smashing a computer, kiosk, or point of sales terminal with a baseball bat? No, it's the same.