Im kind interested , is it possible to exploit IOT devices with Usb 'RubberDucky' like Routers, servers , printers, modems with 'USB insertion'?
Asked
Active
Viewed 245 times
0
-
1What is your understanding of 'use'? Could you rephrase your question? – FMaz Feb 25 '17 at 13:55
-
Hello , just want to know if it's possible to exploit IOT things with it. Which 'use' means exploit. – kratos Feb 25 '17 at 15:58
-
If by exploit you mean the duckies capabilities to emulate Keyboard Input then most likely no. Unless the router has a terminal running and is forwarding input from /dev/input to it. Which is unlikely. Even if that were the case, you'd need to be doing blind injection anyways. So no. – FMaz Feb 25 '17 at 16:11
-
Hi Kratos - so far all your questions have been closed. I'd suggest having a good read of our [about] and [ask] pages to understand why, and how you need to structure posts here. – Rory Alsop Feb 27 '17 at 08:42
1 Answers
1
In summary: most devices will probably be not exploitable this way but given the infinite wisdom of IoT developers I'm pretty sure they will come up with devices where this is possible.
There is a variety of IoT devices out there, especially since there is no stringent definition of what an IoT device is at all. Some of these devices will probably also accept both USB keyboard and USB storage. And in some of these devices the user might also do harm by entering specific stuff on the keyboard. This ability might be by design or it might be a debugging capability which was left in production code. With such devices BadUSB can work too since it relies on the idea that plugs in an USB stick which looks like a storage but behaves like a keyboard.
Steffen Ullrich
- 201,479
- 30
- 402
- 465