We tested a BadUSB build that Rickroll'd people at the office

[Jan]

We built a flash drive that hacks any computer

Using a relatively cheap microcontroller and 3D-printed enclosure, we built a "BadUSB" device that tricks any PC you plug it into that it's a keyboard.

It can be programmed to execute a series of keyboard commands, including ones that could let attackers steal data or damage systems.

 

[quovadis]

Microsoft Defender for Keyboards coming soon.

 

[gregmcc]

Hacks any computer....that's a bit of a stretch even for mybb. It just emulates a keyboard. Try plugging it into a device that's screen locked or logged out.

 

[quovadis]

Hacks any computer....that's a bit of a stretch even for mybb. It just emulates a keyboard. Try plugging it into a device that's screen locked or logged out.

Some limitation yes, but could easily be programmed to deliver its keystrokes at the opportune time. You'd also need a payload that can bypass any protections on the computer itself.

 

[6spdmanual]

We built a flash drive that hacks any computer

Using a relatively cheap microcontroller and 3D-printed enclosure, we built a "BadUSB" device that tricks any PC you plug it into that it's a keyboard.

It can be programmed to execute a series of keyboard commands, including ones that could let attackers steal data or damage systems.

View attachment 1441031

I haaaaaattttee that song!!!

 

[hj007]

And this is why usb is blocked on company laptops.
Well not really, its blocked to stop data getting leaked, but not a bad reason to stop malicious applications.

 

[InvisibleJim]

And this is why usb is blocked on company laptops.
Well not really, its blocked to stop data getting leaked, but not a bad reason to stop malicious applications.

The clever thing about about the Rubber Ducky is that most USB blocking controls are designed to block removable storage to prevent malware running automatically or data exfiltration.

Hackers be like 'Hold my beer while I emulate your USB keyboard'

Sneaky hackers are sneaky.

 

[Crumbl0x]

I was actually thinking of building something similar for testing purposes, but with an additional programmable selector, to 'type out' two or three of my common offline passwords used for decrypting my backup vault or for the login process. The YubiKey et al. would be nice for this and other features, but it's really a pity how pricey they can get for us.

 

[Petec]

Non-matte screen. Ugh!

 

[quovadis]

And this is why usb is blocked on company laptops.
Well not really, its blocked to stop data getting leaked, but not a bad reason to stop malicious applications.

This isn't a malicious application though.

 

[hj007]

This isn't a malicious application though.

Rickrolling is always malicious..

 

[Acinixys]

And this is why usb is blocked on company laptops.
Well not really, its blocked to stop data getting leaked, but not a bad reason to stop malicious applications.

I feel like some companies dont take this stuff seriously enough

I work for one of the big 3 retailers and my work laptop is completely unrestricted

Once I log out of the company VPN its a free for all with nothing out of bounds.

 

[quovadis]

Rickrolling is always malicious..

Hehe I meant that there's no application on the drive itself thus disabling file access is moot. But I hear you