Updated Version of USB Rubber Ducky Hacking Tool Released

At the DEF CON conference, an updated version of the USB Rubber Ducky hacking tool was presented. The authors say that they seriously updated DuckyScript (the language used to create commands), taught the device to determine whether it is connected to a Windows machine or Mac, generate pseudo-random numbers, and so on.

Let me remind you that the original “duck” from the Hak5 company appeared more than 10 years ago, and over the years the device has become not only popular, but even managed to light up in the series “Mr. Robot” and has undergone various changes more than once. In fact, this device, which looks like a regular flash drive, emulates a keyboard and, when connected to a computer, types any malicious commands specified in it.

USB Rubber Ducky creator Darren Kitchen brought a new version of the device to DEF CON this year for $59.99 today. Kitchen told The Verge that all 500 devices were sold out at the conference on the first day.

Kitchen with updated Rubber Ducky. Photo: The Verge

USB Rubber Ducky has been able to perform actions such as creating a fake pop-up window in Windows (to collect user credentials) or being able to force Chrome to send all saved passwords to an attacker’s web server before. However, such attacks have been carefully designed for specific operating systems and software versions. According to Kitchen, they lacked the flexibility to work on different platforms.

The latest USB Rubber Ducky is designed to overcome these limitations. As mentioned above, the authors have seriously worked on the DuckyScript language, which is used to create commands used by the “duck” on the victim’s machine. While previous versions were mostly limited to typing specific keystroke sequences, DuckyScript 3.0 is a multifunctional language that allows users to write functions, store variables, and use logical flow controls.

Effectively, this means that an updated device can run a test and determine if it’s connected to a Windows machine or Mac, and then execute code appropriate for the specific OS (or disconnect if connected to the wrong target). Also, the new USB Rubber Ducky can generate pseudo-random numbers and use them to add a variable delay between keystrokes to make it more human-like.

Moreover, the developers of the hacker gadget seem to have drawn inspiration from the work of researchers at Israel’s Ben-Gurion University, who are known for coming up with many highly non-trivial methods for extracting data from machines that are physically isolated from any networks and potentially dangerous peripherals. For example, using electromagnetic signals from SATA cables or changing the brightness of a monitor screen.

So now the USB Rubber Ducky can transfer data collected on the target machine by converting it to binary code and using the Keystroke Reflection technique, which abuses signals that tell the keyboard when the CapsLock, NumLock, and ScrollLock LEDs should light up.