The new USB Rubber Ducky is more dangerous than ever – The beloved hacker tool can now pwn you with its own programming language

rubberDucky.0

To the human eye, the USB Rubber Ducky looks like an unremarkable USB flash drive. Plug it into a computer, though, and the machine sees it as a USB keyboard — which means it accepts keystroke commands from the device just as if a person was typing them in.

The original Rubber Ducky was released over 10 years ago and became a fan favorite among hackers (it was even featured in a Mr. Robot scene).

“Everything it types is trusted to the same degree as the user is trusted,” Kitchen told me, “so it takes advantage of the trust model built in, where computers have been taught to trust a human. And a computer knows that a human typically communicates with it through clicking and typing.”

While previous versions were mostly limited to writing keystroke sequences, DuckyScript 3.0 is a feature-rich language, letting users write functions, store variables, and use logic flow controls (i.e., if this… then that).

See https://www.theverge.com/23308394/usb-rubber-ducky-review-hack5-defcon-duckyscript

#technology #hacking #rubberducky #security