[[Question] Defences Against the Ducky?]

The Defense against this

Phew, luckily we do quite a lot of that with regard to physical security. They could get a cherry picker to get up to our office window - but I'm sure our CCTV operators would notice that overnight. During the day we have rabid children patrolling the site :-)

[[Question] Defences Against the Ducky?]

Hmmm... so I'm thinking, how do I defend myself against this thing?

1. Our PCs are fairly locked down - so you wouldn't (for example) be able to use Start>Run as a normal user.
2. Physical security: Don't plug in unknown USB sticks when you're an administrator - common sense really - and naturally enough don't leave your machine physically accessible to third parties anyway.
3. You might be able to detect this on the basis of the speed of typing - even if we assume a really fast typist, there's probably some sort of clue with respect to regularity of the keystrokes.

I suppose you could pretend to be a memory stick as well as a HID? We're used to occasionally seeing the "Windows has detected new hardware" message, and most of us will plug in a memory stick without really thinking. (Usually because we think our virus checker will protect us.) Assuming that you did go the Start>Run route, then you could deliver your payload while their back is turned with a wireless click - so they wouldn't see the momentary flash of the dialog on screen. You could even disguise it when they're browsing the net - they'd probably think it was a pop-up.

The key thing is to know it's out there, so you're better prepared.

That said, if you've physical access, wouldn't it be better to sit as a keylogger in between - perhaps disguised as a USB hub? You'd be more likely to go unnoticed, as you're being passive, not active?