Rubber Ducky, the USB hacking tool that has reached celebrity status due to its past notoriety, has gotten a brand-new iteration, one more dangerous than ever before.
Security expert Darren Kitchen showed off Rubber Ducky 3.0 at the recent DEF CON event, showing there’s still life in the iconic threat yet.
The biggest change is in the DuckyScript programming language, used to create various malicious commands. While the best earlier versions could do was write keystroke sequences, this version’s language is rich in features, allowing users to write various functions, store variables, and even use if-then-else controls.
These upgrades should eliminate one of the biggest drawbacks of the product – needing to craft specific commands for specific operating systems and software versions. In other words, older variants of Rubber Ducky weren’t nearly as flexible as 3.0 aims to be.
With the new version, the tool can check to see if it’s plugged into a Windows or a Mac device and act accordingly. It can also steal data from the compromised endpoint by encoding it in binary and sending it through the signals usually used to tell a keyboard whether to turn the LED lights for CapsLock or NumLock on or off.
So in theory, an attacker could plug the USB drive into a device for just a few seconds and walk away with stolen credentials.
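For defenders, the lock-LED channel described above has a recognisable shape: a person toggles CapsLock or NumLock a few times a day, while binary data sent over those signals shows up as a dense burst of state changes. The following is an added example, not code from the article or from the Rubber Ducky project; it assumes a hypothetical host telemetry feed of lock-LED state changes, and the window and threshold values are illustrative assumptions rather than tuned numbers.

```python
from collections import defaultdict, deque

# Constructed sample telemetry (not a real capture). Each record is
# (timestamp_ms, host, led): one lock-LED state change sent to a keyboard.
SAMPLE_EVENTS = [
    (10_000, "ws-01", "caps"),   # ordinary use: a few isolated toggles
    (12_500, "ws-01", "caps"),
    (300_000, "ws-01", "num"),
    (5_000, "ws-02", "caps"),    # one isolated toggle, then a dense burst
] + [
    (50_000 + i * 50, "ws-02", "caps" if i % 2 else "num") for i in range(16)
]


def find_led_bursts(events, window_ms=2_000, threshold=8):
    """Return (host, start_ms, end_ms, count) for each burst of LED changes.

    A burst starts once `threshold` changes fall inside `window_ms` and
    continues for as long as the sliding window stays at or above it.
    Both defaults are assumptions chosen for the sample data.
    """
    by_host = defaultdict(list)
    for ts, host, _led in events:
        by_host[host].append(ts)

    bursts = []
    for host, times in sorted(by_host.items()):
        recent = deque()   # timestamps currently inside the sliding window
        current = None     # [start_ms, end_ms, count] of the open burst
        for ts in sorted(times):
            recent.append(ts)
            while ts - recent[0] > window_ms:
                recent.popleft()
            if len(recent) >= threshold:
                if current is None:
                    current = [recent[0], ts, len(recent)]
                else:
                    current[1] = ts
                    current[2] += 1
            elif current is not None:
                bursts.append((host, *current))
                current = None
        if current is not None:
            bursts.append((host, *current))
    return bursts


if __name__ == "__main__":
    for host, start, end, count in find_led_bursts(SAMPLE_EVENTS):
        print(f"{host}: {count} lock-LED changes between {start} ms and {end} ms")
```

A hit is more useful when correlated with a new USB keyboard enumerating on the same host shortly beforehand.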
While the device does sound ominous, it’s important to know that it’s after all a physical device, and without physical access to the target computer, it’s useless. So, the chances of it being used at scale are close to zero. And with the cost of a single device being almost $60, it’s highly unlikely someone would buy hundreds of them and leave them scattered around coffee shops and libraries, just to steal people’s passwords.
However, high-profile individuals should be wary when handed USB devices (or when finding one, anywhere).
Via: The Verge