INTRODUCTION
Did you know that something as innocuous as a USB stick could be hiding sophisticated technology that allows for data exfiltration and remote code execution? All that’s needed is physical access to the target device and this inconspicuous device—the USB Rubber Ducky.
This information is provided for general awareness and defense purposes only. This information also is not intended to be a complete description of the functionality or risks of the identified tools.
WHAT IS A USB RUBBER DUCKY?
A USB Rubber Ducky is easy to conceal and appears, on first physical inspection, to be no different than an ordinary USB stick. However, this cheap and commercially available device is actually hiding some nefarious technology under its hood which allows for a range of attacks on a target device.
HOW DOES IT WORK?
The USB Rubber Ducky communicates using the Wi-Fi protocol. Once the USB stick is plugged into the target device, an attacker can carry out a range of malicious actions such as remote code execution, keystroke injection, and data exfiltration. All of this occurs using a command and control interface operating over Wi-Fi.
CTO Dr. Brett Walkenhorst dives into the function of the USB Rubber Ducky
HOW CAN I UNCOVER A USB RUBBER DUCKY?
Since the USB Rubber Ducky operates over Wi-Fi, a robust wireless monitoring system, like Bastille, will be able to identify and localize the malicious device. Continuous monitoring is a strong first step toward increased visibility into the wireless activity within your space, which allows a quicker, more efficient response should one of these nefarious devices end up in your facility.
WHAT CAN I DO TO DEFEND AGAINST THIS THREAT?
Bastille recommends a few security best practices for this type of threat:
Implement Wireless Monitoring in Your Space: Gaining visibility into the wireless activity within your space is key when trying to identify relatively innocuous-looking devices such as these.
Buy From Trusted Vendors: Upon physical inspection, this USB stick may appear harmless. While these devices are usually clearly labeled as hacking devices, buying only from trusted vendors, and allowing employees to use only devices from trusted vendors, can help cut down on the chance that one of these devices ends up in your space accidentally.
Update and Enforce Your Security Policy: Establish a corporate policy regarding these types of devices, and educate all employees on it, to help keep your space secure.
Stay Up to Date: The landscape of wireless security is constantly evolving. In order to defend against these threats, you need to know what’s out there. Check out our recent webinar on Wi-Fi Vulnerabilities in which CTO Dr. Brett Walkenhorst dives into the Wi-Fi protocol and other devices like the USB Rubber Ducky.