There are many ways to hack a computer, whether through social engineering, clever code tricks, or perhaps a “weaponized” piece of hardware. One hardware vulnerability that may be overlooked is the fact that if you plug a keyboard or mouse into a computer, it automatically recognizes it as such.
Nearly all of the time, this is great, and allows you to go about your business, typing in spreadsheets, writing blog posts, or whatever you need to do that day. However, if you wished to exploit this HID-friendliness for your own uses, all you would have to do is make a keyboard emulator that looks like a thumbdrive. Plug it in, and the malicious “USB drive,” or even something that looks like an innocent fan, joystick, or even normal keyboard can type in whatever you programmed it to do, potentially helping someone gain control of the machine.
A device using this method of injecting information by masquerading as a keyboard is often called a USB Rubber Ducky. The technology isn’t static and is constantly evolving. The Malduino was recently covered on Hackaday. Malduino is a great example of this type of device, and the Elite version even allows you to select scripts to run with different switches.
Taking this one step further is the Cactus WHID, which acts as an HID injector, but can be controlled via WiFi on the hacker’s device. Naturally, this type of control expands its potential enormously, and you can see more details on the project’s GitHub page.
