The new USB Rubber Ducky is more dangerous than ever

The USB Rubber Ducky is back with a vengeance.

The much-loved hacking tool has a new incarnation, released to coincide with the Def Con hacking conference this year, and creator Darren Kitchen was on hand to explain it to The Verge. We tested out some of the new features and found that the latest edition is more dangerous than ever.

What is it?

To the human eye, the USB Rubber Ducky looks like an unremarkable USB flash drive. Plug it into a computer, though, and the machine sees it as a USB keyboard — which means it accepts keystroke commands from the device just as if a person was typing them in.

“Everything it types is trusted to the same degree as the user is trusted,” Kitchen told me, “so it takes advantage of the trust model built in, where computers have been taught to trust a human. And a computer knows that a human typically communicates with it through clicking and typing.”

Darren Kitchen with his creation, the USB Rubber Ducky
Photo by Corin Faife / The Verge

The original Rubber Ducky was released over 10 years ago and became a fan favorite among hackers (it was even featured in a Mr. Robot scene). There have been a number of incremental updates since then, but the newest Rubber Ducky makes a leap forward with a set of new features that make it far more flexible and powerful than before.

What can it do?

With the right approach, the possibilities are almost endless.

Already, previous versions of the Rubber Ducky could carry out attacks like creating a fake Windows pop-up box to harvest a user’s login credentials or causing Chrome to send all saved passwords to an attacker’s webserver. But these attacks had to be carefully crafted for specific operating systems and software versions and lacked the flexibility to work across platforms.

A new guidebook explains the subtleties of DuckyScript 3.0
Photo by Corin Faife / The Verge

The newest Rubber Ducky aims to overcome these limitations. It ships with a major upgrade to the DuckyScript programming language, which is used to create the commands that the Rubber Ducky will enter into a target machine. While previous versions were mostly limited to writing keystroke sequences, DuckyScript 3.0 is a feature-rich language, letting users write functions, store variables, and use logic flow controls (i.e., if this… then that).

That means, for example, the new Ducky can run a test to see if it’s plugged into a Windows or Mac machine and conditionally execute code appropriate to each one or disable itself if it has been connected to the wrong target. It also can generate pseudorandom numbers and use them to add variable delay between keystrokes for a more human effect.

Perhaps most impressively, it can steal data from a target machine by encoding it in binary format and transmitting it through the signals meant to tell a keyboard when the CapsLock or NumLock LEDs should light up. With this method, an attacker could plug it in for a few seconds, tell someone, “Sorry, I guess that USB drive is broken,” and take it back with all their passwords saved.

How much of a threat is it?

In short, it could be a big one, but the need for physical device access means most people aren’t at risk of being a target.

According to Kitchen, the new Rubber Ducky was his company’s most in-demand product at Def Con, and the 500 or so units that Hak5 brought to the conference sold out on the first day. Safe to say, many hundreds of hackers have one already, and demand will likely continue for a while.

It also comes with an online development suite, which can be used to write and compile attack payloads, then load them onto the device. And it’s easy for users of the product to connect with a broader community: a “payload hub” section of the site makes it easy for hackers to share what they’ve created, and the Hak5 Discord is also active with conversation and helpful tips.

At a price of $59.99 per unit, it’s too expensive for most people to distribute in bulk — so it’s unlikely that someone will leave a handful of them scattered in your favorite cafe unless it’s known to be a hangout place for sensitive targets. That said, if you’re planning to plug in a USB device that you found lying out in a public place, think twice about it…

Could I use it myself?

The device is fairly simple to use, but if you don’t have any experience in writing or debugging code, there are a few things that could trip you up. In testing on a Mac, for a while, I couldn’t get the Ducky to enter the F4 key to open the launchpad, but I fixed it after making it identify itself with a different Apple keyboard device ID.

From that point, I was able to write a script so that, when plugged in, the Ducky would automatically launch Chrome, open a new browser window, navigate to The Verge’s homepage, then quickly close it again — all with no input from the laptop user. Not bad for just a few hours’ testing and something that could be easily modified to do something more nefarious than browse technology news.

Repost: Original Source and Author Link


Logitech’s Bolt USB dongle bolsters encryption for its new wireless mice and keyboards

Logitech is known mostly for its consumer-facing products, but it’s making a big play to appeal more broadly to businesses that take privacy seriously. It’s launching a range of mice and keyboards that will include a new Logi Bolt USB-A dongle that aims to reduce latency in crowded workplaces and greatly boost security.

These accessories can securely connect to computers and mobile devices via Bluetooth Low Energy — no dongle necessary. Though the Bolt USB dongle is also based on Bluetooth, it will enable a far more secure tether (security mode 1, level 4). Opting for Bluetooth should make the Bolt far less prone to hacking than Logitech’s Unifying 2.4GHz receiver, which was vulnerable to the “MouseJack” hack.

In Logitech’s white paper for the Bolt, it says that security mode 1, level 4 utilizes Elliptic Curve Diffie-Hellman P-256 (ECDH) and AES-CCM encryption. The company says these measures ensure that “a Logi Bolt wireless product and its Logi Bolt receiver can only communicate with each other.” Logitech is going as far as ensuring that its direct Bolt wireless connections are Federal Information Processing Standards (FIPS) compliant. These are the standards created by the National Institute of Standards and Technology (NIST) for use within the federal government. If you’re curious about Bluetooth security, the NIST wrote a guide on it.

Logi Bolt

Curiously, Logitech didn’t opt for a USB-C option for the Bolt dongle.
Image: Logitech

Logitech says its Bolt USB dongle offers a stronger connection, too, at up to 33 feet (10 meters), even if you’re in a congested work environment. One Bolt dongle can connect up to six accessories to your computer. It’s compatible with multiple operating systems, including Windows, macOS, iOS, iPadOS, Linux, Chrome OS, and Android.

Logitech’s listing for the Bolt dongle says it’s “coming soon” and will cost $14.99. But don’t expect your current Logitech accessories to work with it. Devices that are compatible with Logi Bolt will have a Bolt logo on their underside, according to Logitech’s FAQ.

The first accessories that offer enhanced security via Bluetooth LE and include the Bolt USB dongle will launch in September, according to ZDNet. The early lineup includes Logitech’s MX Master Series for Business, comprised of an MX Master 3 and MX Keys. There are also webpages up for business editions of Logitech’s Ergo K860 split keyboard, the MX Anywhere 3, and the Ergo M575 wireless trackball mouse.

Repost: Original Source and Author Link


PlayStation 5 system update is a big one with USB storage leading the way

Sony today confirmed details of a new PlayStation 5 update that will be arriving tomorrow. This is the first major system software update for the console, and it’s a sizable one that adds new storage and social features. Once this update is applied, PS5 users will be able to move their games between the console’s internal storage and external USB drives.

That is a big addition indeed, because with only 667GB of usable space on the PlayStation 5’s SSD, owners are likely to bump up against internal storage space limits sooner rather than later. With this feature, you can essentially archive your games on compatible USB storage and transfer them back to the console when you want to play (games can’t be played from USB storage, unfortunately).

Sony says that transferring games from USB storage is faster than re-downloading or re-installing them from a disc, so if you have a compatible USB drive, that seems to be the ideal way to manage your games for now. You can check extended storage hardware requirements over on the PlayStation support site. Remember that eventually Sony will allow us to use the extra M.2 expansion slot within the PlayStation 5, but for the moment, that slot is inactive.

In addition to the support for USB storage, this update is also delivering a bunch of new social features. PS5 users and PS4 users can now use cross-generation Share Play when in party chat with one another, meaning that PS5 owners can share their screen and let PS4 owners watch gameplay. PS5 users can also pass their controller virtually to a friend and let them take over, or pass a second controller virtually for remote co-op play.

PS5 and PS4 users will also have a new “Request to Join” option available, allowing them to request to join a friends’ game instead of waiting for an invite. PS5 users are also getting improvements to Game Base that will let them switch between their current parties and their friends list on the fly. In-game, you’ll be able to disable voice chat entirely or adjust chat volume levels for other players. PS5 owners will also be able to pre-download game updates – assuming that developers support that feature as well.

Other incoming changes include game library customization options that will let you hide games from view and search your library, and new screen zoom options available in the settings menu. Sony will even let you customize when trophy screenshots and videos are captured, so if you want to set it up to only record a clip when you collect a platinum trophy, you can do just that.

Finally, we’re also getting some new features for the PlayStation app, but those seem to be launching separately from the update. PS5 owners will soon be able to use the app to join multiplayer sessions, manage their console storage through the app, and compare trophy data with friends. While those features will be hitting the PlayStation App in the coming weeks, Sony says that this system software update for the PS5 will be rolling out globally beginning tomorrow, so keep an eye out for it to land.

Repost: Original Source and Author Link


What USB 3.2 and Wi-Fi 6 mean for your next PC

You expect every laptop to have Wi-Fi and some kind of USB. What you probably don’t expect is battling specs that will make it difficult to know what sort of wireless and USB you have. We’ll sort it out for you here: What Wi-Fi 5 and USB 3.2 mean, and why they’re the same thing as good ol’ 802.11ac and USB 3.1. 

Confused? That’s okay. You’re just the latest victim of a major rebranding of both Wi-Fi and USB. With the release of major performance updates to both specs, both have also received extreme makeovers. We’ll lay it all out below.

Wi-Fi 6: This is the newest standard and has the shiny good stuff, like up to 3.5Gbps of speed, plus power savings and less network congestion (read our sibling site Macworld’s primer for more details). We’ll point out that you will also need a new router that supports Wi-Fi 6 to realize its full potential. If you care about Wi-Fi and intend to run the latest gear, you’ll want to make sure it is Wi-Fi 6-complaint.

USB 3.2 Gen 2×2: This is the newest standard for USB and doubles the speed of USB 3.1’s 10Gbps to 20Gbps. (We’ve written a primer on USB 3.2 and USB4 here.) You’ll need both a new computer and new peripherals that support the standard to enjoy its benefits.

The problem with USB 3.2 Gen 2×2 is that’s not even what it’s called. The correct name is actually SuperSpeed USB 20Gbps, but the name we expect most people to use is ‘USB 3.2 Gen 2×2.’ Look for either name on PCs and devices if you want to be up-to-date on the standard.  

How to translate the new USB and Wi-Fi naming schemes 

While high-end laptops might get the new features, there undoubtedly will be many computers still using older hardware. Many of these computers are likely to use the newer nomenclature to maintain consistency.

So yes, we can almost guarantee you will see laptops sporting USB 3.2 and Wi-Fi 5 specs sitting next to laptops with USB 3.1 and 802.11ac bullet points, and both will be the same. 

To help you figure this out, we’ve outlined what the Wi-Fi specs are called now, and what your salesperson is likely to call it.

Repost: Original Source and Author Link


The Best Windows Hello USB Fingerprint Scanners

Windows Hello is Microsoft’s biometric sign-in option for Windows 10, allowing you to sign in with a fingerprint or face ID. However, if you have an older computer or one without the right features, these Hello sign-in options may not be available to you. That’s where fingerprint scanner accessories come in.

Unfortunately, it’s not always easy to find the right scanners for the job. Not all of them work with Windows Hello, and some are cheap knockoffs that aren’t worth your time. To help out, we’ve created a list of the best fingerprint scanners that are guaranteed to work with Windows Hello, starting with an excellent Verifi P5100 USB model.

Verifi P5100

Verifi specializes in sturdy, reliable fingerprint scanners, particularly for desktop models: The exceptional PF5100 model uses a large silicon sensor, which is more accurate than optical sensors and even manages to give the all-metal design some style.

The Verifi P5100 is compatible with password managers and even comes with a free download for the password manager Roboform. For setup, just log into Windows 10 and search for biometric devices to start the process. It’s ideal for protecting business or personal desktop computers, but the price may be a little high for some buyers. The wired design also makes this model more difficult to use for laptops.

PQI Mini USB Fingerprint Reader

Small USB readers are designed to fit onto laptops without being a burden: Many of them are so small that you can leave them and still fit your laptop into a case or bag without problems. PQI offers one of the best of these models, a fast and tiny reader that’s entirely compatible with Windows Hello.

You can program it with up to 10 different fingerprints to allow others to access your laptop as needed. The PQI Mini USB Fingerprint Reader can also help you automatically encrypt files if you want to set up the software, although this part isn’t necessary for operation. PQI calls their fingerprint reader the fastest in the world, and while that’s hard to prove, it really does just take a fraction of a second to read a fingerprint, which does help speed up the login process.

Kensington VeriMark Reader

This tiny, portable Kensington reader comes with a keychain fob so you can easily take it off and store it when on the go – although it’s small enough that you may not need to.

In addition to Windows Hello compatibility, the Kensington VeriMark Reader also comes with FIDO second-factor authentication, which is used to protect and access cloud files on Chrome. Encryption is also used to protect all the fingerprint data held on the reader. It’s a bit more expensive than other compact option, but the extra security features make it well worth it.

Lexar Jumpdrive Fingerprint Reader

Lexar’s approach to a fingerprint reader offers an additional benefit that could be just what you want: The fingerprint scanner is connected to a jump drive that offers 64GB of extra storage. Files on the drive are encrypted with 256-bit AES encryption, and yes, you can use both the fingerprint reader and the drive at the same time. You can program it with up to 10 fingerprints as well.

The 64GB size is a strong middle-of-the-road option, but you can choose bigger or smaller storage sizes if you prefer. Regardless of what storage size you choose, the Lexar Jumpdrive Fingerprint Reader comes in one standard size that will protrude from your laptop’s USB port, so you can’t leave it in when you’re packing up your device.

DigitalPersona Reader

The DigitalPersona reader is compatible with desktop computers, so it’s geared for businesses that want a durable fingerprint reader. There are a lot of purposes you can use this reader for, and it’s compatible with Windows, so it’s the ideal choice for PC desktops.

The software can be difficult to install, so unless you’re well versed in IT skills, you might not want to choose it for your home computer. The DigitalPersona Reader also includes a blue LED light so you know when it’s working, a surprisingly comforting feature.

Editors’ Choice

Repost: Original Source and Author Link


Turn one USB port into four with this on-sale $5 USB hub

Some PC or home theater peripherals are necessary, but it’s annoying that they’re necessary, so you don’t want to pay much for them. Well, today’s the day to pick-up an Anker non-powered 4-port USB Hub for $5 with the code ANKERAHUB.

“Non-powered” means that the hub doesn’t draw power by plugging it into a standard wall outlet. Instead, it draws power from the USB port you plug it into on your computer. That means this hub won’t be able to power most external hard drives, though it should work well with flash drives and peripherals like keyboards and mice. Once it’s running, the hub supports data transfer up to 5 gigabits per second over USB 3.0.

Anker’s 4-port hub is very tiny and will stay out of your way, measuring just 0.4 of an inch high. It also comes with a two-foot cord for getting its power from a standard USB connector. The non-powered hub doesn’t support charging, of course. If you’re using this for a laptop with only one charging port, for example, you won’t be able to recharge your smartphone and run this hub at the same time.

Still, for $5, this is a great, affordable way to add some extra USB ports to your PC.

[Today’s deal: Anker 4-port USB 3.0 hub for $5 at Amazon.]

Note: When you purchase something after clicking links in our articles, we may earn a small commission. Read our affiliate link policy for more details.

Ian is an independent writer based in Israel who has never met a tech subject he didn’t like. He primarily covers Windows, PC and gaming hardware, video and music streaming services, social networks, and browsers. When he’s not covering the news he’s working on how-to tips for PC users, or tuning his eGPU setup.

Repost: Original Source and Author Link


What Is USB 3.1? | Digital Trends

Chances are, you’ve already used USB 3.1 in your daily life. USBs (which stands for “Universal Serial Bus”) are a commonly used type of cord to connect two devices, like a PC with a gaming device or camera. So what sets USB 3.1 apart from other options, like USB 3.2 or USB-C?

Read on to find out the strengths and weaknesses of USB 3.1 and to learn more about technological advancement in current USB innovation.

By the numbers

USB 3.1 is a generational number that mostly refers to the data transfer speed of the USB connector, not its shape or size. Officially launched in July 2013, USB 3.1 effectively replaced USB 3.0 as the new, high-speed USB standard. It would, in turn, go on to be replaced by USB 3.2, which would refresh the naming conventions of USB as well. That has resulted in a rather confusing mess of names and speeds. Some may still refer to various USB speeds, colloquially at least, as USB 3.0, 3.1, and 3.2, individually, but the official naming convention and their respective speeds are as follows:

  • USB 3.2 Gen 1, is USB 3.0. It has a maximum throughput of 5Gbps. This is also known as SuperSpeed USB.
  • USB 3.2 Gen 2, is USB 3.1. It has a maximum throughput of 10Gbps. This is also known as SuperSpeed USB 10Gbps.
  • USB 3.2 Gen 2×2, is USB 3.2. It has a maximum throughput of 20Gbps. This is also known as SuperSpeed USB 20Gbps.

Can you see why so many people are hotly excited for USB4 to move us past this messy naming convention?

All of these speeds are the theoretical maximums of the USB standard and are unlikely to be seen in everyday use, but you will certainly see an increase in transfer speed for files of most sizes when using a USB 3.2 Gen 2 (USB 3.1) device over one that is rated USB 3.2 Gen 1, or USB 3.0, only.

A standard Type-A cable, used for most current PC accessories.

USB 3.2 Gen 2 isn’t supported by all modern devices but has slowly seen greater support over the past few years. A good example of a change between hardware generations is with Dell’s XPS 13 laptop. The 2017 XPS 13 9360 laptop shipped with two USB 3.2 Gen 1 ports, while the 2018 and 2019 models replaced those with USB 3.2 Gen 2 connections of the USB-C flavor. More on that later.

Another big advantage of USB 3.2 Gen 2 is that it can support a feature known as Power Delivery 2.0. It allows compatible ports to provide up to 100 watts of power to the device they’re connected to, thereby allowing for the charging of larger devices like laptops through a single USB cable. This is most commonly seen in laptops that use the new USB-C standard.

USB-C isn’t the same as 3.1

macbook usb type c
Maurizio Pesce/Flickr

While often associated with USB 3.2 Gen 2 and Gen 2 2×2, USB-C is not the same thing. USB letter types, like A, B, and C, denote the shape and form of the port and connector, while the number types (3.2, etc.) denote the data transfer capabilities.

Many modern devices have moved away from the classic USB-A, USB-B, and micro-USB ports, and toward USB-C — which is small, reversible, and often goes hand in hand with faster transfer speeds. While that isn’t always the case, the fastest USB 3.2 2×2 transfer speeds are only possible on USB-C.

USB-A is still offered on a number of devices for legacy support of older accessories and cables that still use that standard, but it’s becoming increasingly common for laptops and smartphones to ship with just USB-C connectivity.

Whether a laptop, tablet, or smartphone has USB-A, USB-C, or some other connection in that wheelhouse though, it does not guarantee that it is USB 3.2 Gen 2. The Microsoft Surface Book 2 ships with two USB-A ports and a USB-C port, all of which are “USB Gen 1” which is actually USB 3.2 Gen 1 (USB 3.0), not 3.2 Gen 2 (3.1). It’s confusing but shows how important it is to read between the lines if you care about your new hardware having the latest standards.

What about Thunderbolt 3?

Dell XPS 13 9370 review | Ports on the left side of the laptops
Bill Roberson/Digital Trends

To make things even more confusing, USB-C ports can also be compatible with Thunderbolt 3. Thunderbolt 3 is a standard that utilizes the USB-C port and offers data transfer rates up to 40GBps — four times that of USB 3.2 Gen 2 and even two times that of the fastest USB 3.2 Gen 2×2. Although it can be cross-compatible with USB 3.2 Gen 2 cables, that’s not always the case.

The USB 3.2 Gen 2 caters specifically to data exchange and charging which is very different from the unlimited capabilities offered by the Thunderbolt 3. Not only can you use the Thunderbolt 3 to charge and move data, but you can stream media and other content as well. The Intel developers responsible for creatingThunderbolt 3 state that you can transfer data, charge your devices, and stream videos onto other screens all at the same time. This is possible by leveraging the USB-C port to increase the device’s compatibility over all previous generations.

A USB-C port may contain Thunderbolt 3 capabilities, or it might only be compatible with USB 3.2 Gen 2. It is usually very easy to determine if Thunderbolt 3 is included on a port and the majority of computer brands will point this out quickly.

The Universal Serial Bus port is used all over the world as it is considered the top model for all ports. But the USB Implementers Forum — a forum of experts from companies like Intel, Microsoft, Apple, and HP who work to oversee the standard’s development — is always working on new ways to improve it.

Editors’ Choice

Repost: Original Source and Author Link