Rubber Ducky Station: Advancing HID Attacks with Visual Data Exfiltration

Rubber Ducky Station: Advancing HID Attacks with Visual Data Exfiltration

연구 분야: Safety

학회: IFIP International Conference on ICT Systems Security and Privacy Protection

Human Interface Device (HID) automation represents a frequently overlooked yet highly effective cyberattack vector. In this paper, we present the Rubber Ducky Station (RDS), an advanced HID-based attack tool that builds upon and surpasses the functionality of traditional Rubber Ducky devices. By integrating screen-capturing capabilities and a local network interface, the RDS enables non-intrusive data exfiltration through the duplication and recording of screen output, all without the victim’s awareness. The RDS leverages visual feedback to adapt dynamically to varying conditions, such as device types, operating systems, and keyboard layouts. Furthermore, it uses visual signals as a stealthy exfiltration channel, eliminating the need for code execution on the target system. This approach allows the RDS to bypass detection mechanisms, including antivirus software and intrusion detection systems. A prototype of the RDS, developed at an approximate cost of 60 USD, integrates keyboard emulation, screen recording, and OCR capabilities, along with a local Wi-Fi network interface for seamless data exfiltration. We evaluate the RDS across multiple operating systems and compare its functionality to existing Rubber Ducky devices and Remote Access Trojans (RATs). The results demonstrate successful attacks on widely used platforms, including Ubuntu, Debian, Windows, and Android, as well as against various antivirus and Endpoint Detection and Response (EDR) solutions, such as Citrix Workspace, Windows Defender, Avira, Avast, Kaspersky, and Sophos.