How to secure against Rubber Ducky and malicious USB

USB Keys

What would you do if you found a USB flash drive on the ground in the parking lot of your office? Would you take it home to see what was on it? Or would you open it on your office PC so you don’t have to wait to get home? If the answer to one or more of these questions is “yes”, then you are at risk of a cyber attack!

The USB Rubber Ducky is a particular type of programmable USB flash drive whose configurable payload can create backdoors, exfiltrate documents, or capture credentials.

They are usually built around a simple Raspberry Pi programmed to execute commands in the shell of the system they are plugged into. They act as an HID (Human Interface Device) able to type up to 1000 words per minute, so they can compromise a system in a few seconds, and unplugging them afterwards does not stop the payload from running.

How to protect yourself? Easy, I recommend 3 simple moves that you can do immediately:

  1. Least privilege: by granting granular permissions to users and limiting the number of administrators, you can greatly reduce the risk of running untrusted or unverified programs.
  2. Administrator authorization pop-up: since HID devices need administrator permissions to operate on the shell undisturbed, a fundamental step we can take to protect ourselves from the USB Rubber Ducky is to change the authorization mode for execution requests that require administrative credentials, so that you must enter the password instead of simply clicking Yes to confirm your identity as system admin. For simplicity, I have prepared a file that modifies the ConsentPromptBehavior key of the Windows Registry, which you can download here.
  3. Physical protection: block the use of USB ports on the PCs in your network and authorize only devices approved by the organization (perhaps through MAC address and the use of data protection software).
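The registry change from step 2 can also be audited and applied from an elevated PowerShell session. This is an added example, not the downloadable file mentioned above: it assumes the relevant UAC value is `ConsentPromptBehaviorAdmin` under the `Policies\System` key, and the function names `Get-UacState` and `Set-UacCredentialPrompt` are hypothetical.

```powershell
# Added example: audit and harden the UAC elevation prompt.
# Run from an elevated PowerShell session. Function names are hypothetical.
$key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# Desired state: UAC on, and administrators must type credentials on the
# secure desktop instead of clicking "Yes".
$desired = [ordered]@{
    EnableLUA                  = 1  # UAC enabled (changing this needs a reboot)
    ConsentPromptBehaviorAdmin = 1  # 1 = prompt for credentials on the secure desktop
    PromptOnSecureDesktop      = 1  # show the prompt on the secure desktop
}

# Meaning of each ConsentPromptBehaviorAdmin value, for the audit output.
$adminModes = @{
    0 = 'Elevate without prompting'
    1 = 'Prompt for credentials on the secure desktop'
    2 = 'Prompt for consent on the secure desktop'
    3 = 'Prompt for credentials'
    4 = 'Prompt for consent'
    5 = 'Prompt for consent for non-Windows binaries (Windows default)'
}

function Get-UacState {
    # Compare each current registry value with the desired one.
    $props = Get-ItemProperty -Path $key
    foreach ($name in $desired.Keys) {
        $current = $props.$name
        $meaning = $null
        if ($name -eq 'ConsentPromptBehaviorAdmin' -and $null -ne $current) {
            $meaning = $adminModes[[int]$current]
        }
        [pscustomobject]@{
            Name      = $name
            Current   = $current          # empty when the value is not set
            Desired   = $desired[$name]
            Compliant = ($current -eq $desired[$name])
            Meaning   = $meaning
        }
    }
}

function Set-UacCredentialPrompt {
    [CmdletBinding(SupportsShouldProcess)]
    param()
    # Write only the values that differ; -WhatIf previews without changing anything.
    $drift = @(Get-UacState | Where-Object { -not $_.Compliant })
    foreach ($row in $drift) {
        if ($PSCmdlet.ShouldProcess("$key\$($row.Name)", "Set to $($row.Desired)")) {
            Set-ItemProperty -Path $key -Name $row.Name -Value $row.Desired -Type DWord
        }
    }
}
```

Run `Get-UacState | Format-Table` to audit and `Set-UacCredentialPrompt -WhatIf` to preview the change before applying it. On domain-joined machines the Group Policy setting "User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode" controls the same value and will overwrite a local edit.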

Let me know in the comments below if you found this article useful and if there are other useful steps we could add to improve our security!

As always, to save you some research, here are some links for further reading:
Create your USB Rubber Ducky: NetworkChuck – bad USBs are SCARY!!
Buy your USB Rubber Ducky: HAK5 – USB Rubber Key Deluxe

For any information, do not hesitate to contact me and remember: Play Safe & Hack Ethically!