The famous Rubber Ducky USB key, one of the greatest symbols of computer piracy, is back ten years after its release in a much more powerful version 3.0, much to the detriment of its victims.

The famous Rubber Ducky USB key one of the greatest

The famous Rubber Ducky USB key, one of the greatest symbols of computer piracy, is back ten years after its release in a much more powerful version 3.0, much to the detriment of its victims.

When Def Con Hacking Conference, an event bringing together part of the hacker community which took place from August 11 to 14, the creator of the famous Rubber Ducky, Darren Kitten, presented the new version of his hacking tool. The Rubber Ducky was released nearly 10 years ago and quickly established itself as a staple in hacking. It has also become enormously popular thanks to its use in the series mr robot.

With its most basic and all-purpose appearance, the Rubber Ducky is able to simulate the action of a keyboard so that the device does not suspect anything. It then injects any type of commands without issue since those commands appear to be issued by the base user. A functioning that “so takes advantage of the built-in trust model, by which computers have learned to trust a human. And a computer knows that a human usually communicates with it by clicking and typing”explains Darren Kitten at The Verge. The Rubber Ducky has seen many updates, but version 3.0 is a real leap forward with its new features, which make it much more flexible and powerful.

Rubber Ducky: improved flexibility

Previous versions of Rubber Ducky launched a fake Windows pop-up window to harvest device user login data, or forced the Chrome browser to send all saved passwords to a hacker web server. Actions that can have big repercussions on the victim! However, the Rubber Ducky had a small weakness, since its attacks had to be carefully designed for specific operating systems and software versions. In short, the approach lacked flexibility to be able to work on all platforms, and the hacker had to prepare his attack upstream according to the chosen target.

The new version of the Rubber Ducky aims to correct this problem – much to the chagrin of future victims. Now, it can act directly on any targeted device regardless of its operating system version. It will thus run a test to see if it is connected to a Windows or Mac machine and run the code under certain conditions. It can also generate pseudo-random numbers and use them to add a varying delay between keystrokes to simulate human action – one person cannot key in all the codes at once, consistently, and never mistake. In addition, he can now steal data – including passwords – from his target in seconds. To do this, it encodes them in binary format and transmits them to the USB key via signals intended to indicate to the keyboard when the Caps Lock or Num keys should light up. However, there is a limit to its power, since the Rubber Ducky must be physically connected to the machine to work – which is not given to just any hacker.

There are several purchase packs for the hacking USB flash drive, starting at $59.99 for the Rubber Ducky individually. The packs also contain an online development suite, which can be used for the purpose of writing and compiling attack payloads, then uploading them to the USB stick. Users can even connect to a larger community and easily share their creations and give each other advice. Hope they put it to good use…

ccn5