USB Killer now lets you fry most Lightning and USB-C devices for $55

Remember the USB Killer stick that indiscriminately and immediately fries about 95 percent of devices? Well, now the company has released a new version that is even more lethal! And you can also buy an adaptor pack, which lets you kill test devices with USB-C, Micro USB, and Lightning ports. Yay.

If you haven't heard of the USB Killer before, it's essentially a USB stick with a bunch of capacitors hidden within. When you plug it into a host device (a smartphone, a PC, an in-car or in-plane entertainment system), those capacitors charge up—and then a split second later, the stick dumps a huge surge of electricity into the host device, at least frying the port, but usually disabling the whole thing. For more information on its technical operation, read our original USB Killer explainer.

The new USB Killer V3, which costs about £50/$50, is apparently 1.5 times more powerful than its predecessor, is more lethal (it pumps out eight to 12 surges per second), and is itself more resistant to setups that might cause the USB Killer to fry itself. A spokesperson clarified this last point to Ars: "The V3 is engineered to withstand short-circuit configurations, intentional or otherwise. Typically, when a host device fails, it will either fail to an open circuit, or a closed circuit. If a short-circuit isn't detected, the USB Kill would essentially continue to discharge into itself, i.e. suicide."

Since we last reported on the USB Killer, it seems the Hong Kong-based company has also secured FCC approval in addition to the European CE mark. This essentially means the USB stick is human-safe and won't electrocute you.

A slightly more nefarious development, though, is that there's now an "anonymous" model that looks like a boring, black USB stick. Previously the USB Killer was white with a geeky decal on the side, but, now, thanks to "huge demand" from "penetration testers and police/government users," there's a USB Killer that just fades into the background. (You can still buy the white model. Perhaps so you're less likely to accidentally plug it into your own PC, or something.)

Finally, there's a new adaptor kit (£15/$15), which includes three separate socket adaptors: Micro USB, USB Type-C, and Lightning. Last year, we reported that the USB-C's Authentication spec might save such devices from the USB Killer—but apparently that isn't the case.

USB-C Authentication and Lightning ports work in a similar way: when you plug in a device, the data lines are kept closed until the device can confirm its identity. A spokesperson for USB Killer told Ars that the Lightning adaptor "bypasses the authentication check," without providing any more details. When it comes to USB-C, the spokesperson said, "There are multiple forms of authentication (certificate, hash, etc), some of which can be emulated."

It isn't clear which iOS devices are actually vulnerable to the USB Killer, though we know it fries the port on the iPhone 7, which then gets stuck during boot-up. The iPad Pro seems to be a little more resilient: it freaks out while the Killer is attached, but seems to regain consciousness once it's removed.

Indeed, one of the trickier aspects of USB ESD (electrostatic discharge) attacks is that there is no Grand Unified List of vulnerable devices. All you can really do is search for the device on YouTube to see if someone has already attempted to kill it. Or maybe, if you work in IT, you could call up the equipment supplier and ask. In short, though, it seems most devices are currently vulnerable.

With USB and Lightning authentication seemingly off the table, then, it seems the best way of protecting USB ports is with an opto-isolator: a small, cheap chip consisting of an LED and photodiode that physically isolates one circuit from another. I don't imagine manufacturers will retrofit such opto-isolators, but hopefully they'll be included in more devices in the future.