The USB Rubber Ducky hacking tool can now do even more and attackers can use the tool more flexibly. The manufacturer Hak5 has expanded the range of functions for this.
USB Rubber Ducky ($60) looks like a regular USB stick with a USB-A and a USB-C connector. But inside is a CPU and a microSD card that can store scripts to attack computers.
So if you find an abandoned USB stick, which is actually a USB Rubber Ducky, and connect it to a PC, a script can read passwords, among other things, and send them to an attacker.
New Skills
The stick pretends to be a keyboard on the computer (Human Interface Device HID) and thus has the same user rights as the victim. So far, the scripts could only contain simple keystrokes that were processed dull. As can be seen from the updated shop website, the stick now understands functions and variables, among other things, thanks to the new DuckyScript 3.0 Advanced programming language. As a result, countless new malicious functions are conceivable. With if-this-then-that commands, the stick can now even recognize whether it was plugged into a macOS or Windows PC and react with functions tailored to the systems.
So far, USB Rubber Ducky could only send captured data to an attacker via the Internet. Now there is a return channel, so that the stick can directly save any recorded passwords. To do this, it binary encodes passwords typed in by victims. The transfer to USB Rubber Ducky succeeds via the signals that tell the connected keyboard when the Caps Lock and NumLock LEDs should light up. For example, attacks on air-gap systems are also conceivable.
(of)