Rubber Ducky: the hacking USB key returns, even more threatening


Maxime Alder

August 25, 2022 at 12:13 p.m.


USB flash drive © Shutterstock


Rubber Ducky is back to play tricks on you. Released nearly 10 years ago, this USB key quickly carved out a place for itself as one of the most adored hacking tools in the hacker community. Highlighted by the series Mr. Robot, it is one of the symbols of hacking.

At the Def Con hacking conference, an event bringing together part of the hacker community, its creator, Darren Kitchen, unveiled the new features of his Rubber Ducky: a USB key with an unremarkable appearance but phenomenal power.

A very effective hacking tool

The principle of this USB key is that it simulates the action of an integrated keyboard, so the target computer does not suspect anything and accepts the commands issued by the key as if they came from the user. It is a clever approach that “therefore takes advantage of the built-in trust model, through which computers have learned to trust a human. And a computer knows that a human usually communicates with it by clicking and typing,” points out Darren Kitchen.

Historically, the Rubber Ducky revealed its full potential once plugged into the target computer. Despite its basic appearance, this USB key could trigger a fake Windows pop-up and then collect login data. A script also sent all passwords saved in Chrome to a hacker's server.

Rubber Ducky 3.0 improvements

The use of this USB key can thus have serious repercussions for the victim and it is not about to stop with version 3.0. The main improvement made to this model is that it can now act directly on any target computer, regardless of the version of its operating system.

In short, the Rubber Ducky can now run code according to the characteristics of the computer, whereas the hacker previously had to prepare it in advance for the chosen target. This is a major improvement that greatly simplifies its use and especially its adaptation.

This hacking tool is reportedly now able to recover all the passwords present on a computer in a few seconds. It could steal data by encoding it in a binary format and then sending it back to the USB key via the signals that normally tell a keyboard to light its Caps Lock or Num Lock indicator. These are impressive feats to say the least, but they are unlikely to affect victims en masse, since using the key requires physical access to the target machine.
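Because the channel described above depends on the lock indicators changing state far faster than a person presses those keys, a defender can look for bursts of lock-key toggles. The following detection sketch is an added example, not code from the article or from the device's maker; the event format, the sample timestamps and the window and threshold values are constructed assumptions.

```python
from collections import deque

LOCK_KEYS = {"CapsLock", "NumLock"}

def find_lock_toggle_bursts(events, window=1.0, threshold=8):
    """Return (start, end, count) for each run of lock-key toggles in which
    at least `threshold` toggles fall inside a sliding `window` (seconds).
    `events` is a list of (timestamp_seconds, key_name) tuples (assumed format)."""
    recent = deque()   # timestamps of toggles inside the current window
    bursts = []
    current = None     # [start, end, count] of the burst being extended
    for ts, key in sorted(events):
        if key not in LOCK_KEYS:
            continue
        recent.append(ts)
        while ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            if current is None:
                current = [recent[0], ts, len(recent)]
            else:
                current[1] = ts
                current[2] += 1
        elif current is not None:
            bursts.append(tuple(current))
            current = None
    if current is not None:
        bursts.append(tuple(current))
    return bursts

# Constructed sample: three human-paced toggles, then 16 toggles 20 ms apart,
# then one more human-paced toggle.
HUMAN_EVENTS = [(1.0, "CapsLock"), (15.2, "CapsLock"), (15.9, "CapsLock")]
SAMPLE_EVENTS = (
    HUMAN_EVENTS
    + [(30.0 + 0.02 * i, "CapsLock" if i % 2 == 0 else "NumLock") for i in range(16)]
    + [(60.0, "NumLock")]
)

if __name__ == "__main__":
    for start, end, count in find_lock_toggle_bursts(SAMPLE_EVENTS):
        print(f"{count} lock-key toggles between t={start:.2f}s and t={end:.2f}s")
```

The threshold should be tuned against real endpoint telemetry, since legitimate software can also change lock states programmatically.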

Source: The Verge


