[daffy]

> depending on the OS, it's possible to craft a USB stick that copies files to a remote server as soon as it's plugged in.

Is this possible with Linux?

[michaelt]

You can get a 'USB rubber ducky' [1] which emulates both a USB memory stick and a USB keyboard, allowing you to script keystrokes for the keyboard [2]

So it can do anything a newly plugged in keyboard can do. Which, if the user is already logged in, makes grabbing the user's files easy.

[1] https://shop.hak5.org/collections/usb-rubber-ducky/products/... [2] https://github.com/hak5darren/USB-Rubber-Ducky/wiki/Payloads

[daffy]

This will only work, I suppose, if the attacker knows beforehand a keychord that will focus a terminal.

[DarkWiiPlayer]

on most desktop linux distros: <windows>terminal<enter> is enough

[jonathanstrange]

Hehehe...on my machine that selects "Emacs (Terminal)". Good luck with those key combos...

[maeln]

Yes and no. The idea is to emulate a keyboard and mouse. You then use OS shortcuts to, for example, start a terminal and type command in it. So it can work with Linux but, because of the diversity of Distribution, DE, etc, it is more difficult to be sure of the shortcuts that you can use, whereas on windows or mac, they will usually always be the same (for exemple, Windows+R on windows to launch a launcher, and then type cmd.exe).

[kryptiskt]

Yes, the device can present itself as both a keyboard and storage device and send the copy commands via keystrokes.

[unionpivo]

yes. Mouse jiggers pretend to be regular mice an keyboard.