This iconic dangerous USB hacking tool is back with a vengeance

RubberDucky is back to steal your passwords and more

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Rubber Ducky, the USB hacking tool that has reached celebrity status due to its part notoriety, has gotten a brand-new iteration, one more dangerous than ever before.

Security expert Darren Kitchen showed off Rubber Ducky 3.0 at the recent DEF CON event, showing there’s still life in the iconic threat yet.

The biggest change is in the DuckyScript programming language, used to create variousmaliciouscommands. While the best earlier versions could do was write keystroke sequences, this version’s language is rich in features, allowing users to write various functions, store variables, and even use if-then-else controls.

Increased flexibility

Increased flexibility

These upgrades should eliminate one of the biggest drawdowns of the product - needing to craft specific commands, for specificoperating systemsand software versions. In other words, older variants of RubberDucky weren’t as nearly as flexible as 3.0 aims to be.

With the new version, the tool can check to see if it’s plugged into a Windows or a Mac device and act accordingly. It can also steal data from the compromisedendpointby encoding it in binary and sending it through the signals usually used to tell a keyboard if it should turn the LED lights for CapsLock or NumLock on or off.

You’ll soon be able to shut down your Chromebook USB ports>Hackers are mailing out USB drives infected with ransomware>Check out the best firewalls out there

So in theory, an attacker could plug the USB drive into a device for just a few seconds and walk away with stolen credentials.

While the device does sound ominous, it’s important to know that it’s after all a physical device, and without physical access to the target computer, it’s useless. So, the chances of it being used at scale are close to zero. And with the cost of a single device being almost $60, it’s highly unlikely someone would buy hundreds of them and leave them scattered around coffee shops and libraries, just to steal people’s passwords.

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

However, high-profile individuals should be wary when being handed overUSB devices(or finding one, anywhere).

Via:The Verge

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

NYT Strands today — hints, answers and spangram for Sunday, November 10 (game #252)