Faculty Mentor

Dr. Bryson Payne

Proposal Type

Poster

Start Date

2-11-2019 3:20 PM

End Date

2-11-2019 4:30 PM

Location

Cleveland Ballroom

Abstract

This project displays the damage causable when a hacker has access to a Windows computer and is armed with an innocuous-looking USB drive which happens to be the USB Rubber Ducky. When programmed, the keystroke injection Ducky can type commands at 1000 words per minute [1].

To demonstrate the Ducky’s capabilities, a Windows virtual machine was newly created, observed for resources, and actually attacked. Though the Ducky’s input had to be arbitrarily slowed for the virtual machine to receive it, we wanted to show how a minute is all it takes for the Ducky to cause problems regardless.

The verdict is clear: a minute is enough time to cause extensive harm. By then, either the information was copied, the ransomware was processing, or the exploit was complete—the attacker could leave as the objective is complete. Though security is not sexy, we need to embrace it to protect our medical devices [1], voting machines [2], and IoT devices.

A successful attack is measured primarily by amount of content affected (passwords, banking information), but may include how stealthily it was carried out (hidden command execution, shorter times) and how much evidence was removed (registry artifact deletion). As shown in this project, regardless of whether by social engineering, the morbid curiosity of users, or an attacker having mere seconds undisturbed with the computer – by allowing the Ducky to run, the game is lost. Trade secrets are forfeit; files, held ransom. The attacker may even install a backdoor and carry on undetected – for years – as an Advance Persistent Threat [5].

Share

COinS
 
Nov 2nd, 3:20 PM Nov 2nd, 4:30 PM

#29 - Getting Duck'd On: USB Rubber Ducky Keystroke Injects

Cleveland Ballroom

This project displays the damage causable when a hacker has access to a Windows computer and is armed with an innocuous-looking USB drive which happens to be the USB Rubber Ducky. When programmed, the keystroke injection Ducky can type commands at 1000 words per minute [1].

To demonstrate the Ducky’s capabilities, a Windows virtual machine was newly created, observed for resources, and actually attacked. Though the Ducky’s input had to be arbitrarily slowed for the virtual machine to receive it, we wanted to show how a minute is all it takes for the Ducky to cause problems regardless.

The verdict is clear: a minute is enough time to cause extensive harm. By then, either the information was copied, the ransomware was processing, or the exploit was complete—the attacker could leave as the objective is complete. Though security is not sexy, we need to embrace it to protect our medical devices [1], voting machines [2], and IoT devices.

A successful attack is measured primarily by amount of content affected (passwords, banking information), but may include how stealthily it was carried out (hidden command execution, shorter times) and how much evidence was removed (registry artifact deletion). As shown in this project, regardless of whether by social engineering, the morbid curiosity of users, or an attacker having mere seconds undisturbed with the computer – by allowing the Ducky to run, the game is lost. Trade secrets are forfeit; files, held ransom. The attacker may even install a backdoor and carry on undetected – for years – as an Advance Persistent Threat [5].