Regardless of the repeated warnings of system directors, IT personnel, and anybody reasonably conscious of operational safety, there are nonetheless fairly just a few individuals who will gladly plug a mysterious flash drive into their computer systems to see what’s on it. Units which reap the benefits of this well-known behavioral vulnerability have a protracted historical past, essentially the most well-known of which is Hak5’s USB Rubber Ducky. That emulates a USB enter system to quickly execute attacker-defined instructions on the goal laptop.
The primary drawback of those keystroke injection assaults, from the attacker’s perspective, is that they’re not notably refined. It’s often pretty apparent when one thing begins typing hundreds of phrases per minute in your laptop, and the sufferer’s subsequent transfer might be a name to IT. That is the place [Krzysztof Witek]’s open-source Rubber Ducky clone has a bonus: it makes use of a sign detected by a SYN480R1 RF receiver to set off the deployment of its payload. This does require the penetration tester who makes use of this to be on the positioning of the assault, however in contrast to with an always-on or timer-delayed Rubber Ducky, the attacker can set off the payload when the sufferer is distracted or away from the pc.
This venture relies across the ATmega16U2, and runs a firmware primarily based on microdevt, a C framework for embedded improvement which [Krzysztof] additionally wrote. The venture features a customized compiler for a lowered type of Hak5’s payload programming language, so at the least among the out there DuckyScript applications ought to be appropriate with this. The entire venture’s information can be found on GitHub.
Maybe as a result of simplicity of the underlying idea, we’ve seen just a few open supply implementations of malicious enter gadgets. One was even constructed right into a USB cable.
