The New USB Rubber Ducky is More Dangerous Than Ever

by
hubie
from on (#62R8J)

upstart writes:

Hak5's new USB Rubber Ducky, unveiled at the Def Con hacking conference in Las Vegas, is more effective than ever, thanks to the inclusion of a new structured programming language (DuckyScript 3.0) that allows it to execute more sophisticated hacks.

The beloved hacker tool can now pwn you with its own programming language:

To the human eye, the USB Rubber Ducky looks like an unremarkable USB flash drive. Plug it into a computer, though, and the machine sees it as a USB keyboard - which means it accepts keystroke commands from the device just as if a person was typing them in.

"Everything it types is trusted to the same degree as the user is trusted," Kitchen told me, "so it takes advantage of the trust model built in, where computers have been taught to trust a human. And a computer knows that a human typically communicates with it through clicking and typing."

[...] The newest Rubber Ducky [...] ships with a major upgrade to the DuckyScript programming language, which is used to create the commands that the Rubber Ducky will enter into a target machine. While previous versions were mostly limited to writing keystroke sequences, DuckyScript 3.0 is a feature-rich language, letting users write functions, store variables, and use logic flow controls (i.e., if this... then that).

[...] Perhaps most impressively, it can steal data from a target machine by encoding it in binary format and transmitting it through the signals meant to tell a keyboard when the CapsLock or NumLock LEDs should light up. With this method, an attacker could plug it in for a few seconds, tell someone, "Sorry, I guess that USB drive is broken," and take it back with all their passwords saved.

[...] It also comes with an online development suite, which can be used to write and compile attack payloads, then load them onto the device. And it's easy for users of the product to connect with a broader community: a "payload hub" section of the site makes it easy for hackers to share what they've created, and the Hak5 Discord is also active with conversation and helpful tips.

Shouldn't this be fairly easy to block by something like the OS requiring user confirmation to connect a communications device ("Do you want to connect this keyboard?")? [hubie]

Original Submission

Read more of this story at SoylentNews.

External Content
Source RSS or Atom Feed
Feed Location https://soylentnews.org/index.rss
Feed Title
Feed Link https://soylentnews.org/
Reply 0 comments