3

Is it possible to exploit the PS/2 connector like the USB (for example with something like a Rubber Ducky)?

In terms of security, theoretically, it should be possible to virtualize the PS/2 controller and to reprogram it to write scripts automatically, as if an actual keyboard were plugged in.

If so, is it really that much safer than USB, as most people think it is?

Hashirama Senju

2 Answers

4

It is possible to exploit the PS/2 connector, but it's not possible to disguise your rogue device as a pendrive or digital camera. If it's connected to the keyboard PS/2 port then there's no doubt it works as a keyboard. Period.

Another aspect is: you usually have one (if any) PS/2 connector dedicated to the keyboard. To exploit it without getting your attention, one needs to hide their rogue hardware inside your (or an identical) keyboard. With USB you can have multiple keyboards and many other devices connected. It's relatively easy to connect something that doesn't look suspicious at first glance.

In this sense PS/2 is safer than USB.

EDIT: It came to my mind that the situation may be somewhat analogous to malicious software in different OSes. Windows is attacked more than Linux because Windows is an easier target, a lot more common among naive, technically uneducated users. USB is almost everywhere nowadays and this makes it a better target, while PS/2 is leaving the scene. But this is my opinion only, I have no research to support it.

Kamil Maciorowski
  • Why would you want to disguise your device as a pen drive? The whole point of the Rubber Ducky is that it disguises itself as a keyboard, and then with some scheduled task(s) it runs its scripts. – Hashirama Senju Jun 08 '17 at 21:40
  • And furthermore, it's fairly easy to disguise all of its electronic parts inside of an actual keyboard. – Hashirama Senju Jun 08 '17 at 21:42
  • @HashiramaSenju Why pendrive? The first sentence from your link: "The USB Rubber Ducky is a keystroke injection tool disguised as a generic flash drive". A flash drive is a pendrive, isn't it? – Kamil Maciorowski Jun 08 '17 at 21:48
  • @HashiramaSenju I have expanded my answer to address your comment. – Kamil Maciorowski Jun 08 '17 at 21:59
  • Yes, a flash drive is also known as a pendrive. But what I meant is that when you try to do an exploit like that, it's preferable to be seen as a keyboard rather than a pendrive, because keyboards are less known as malicious – Hashirama Senju Jun 08 '17 at 22:32
  • Anyhow, the most important thing is that it is *doable*. Would you mind elaborating a little more? Is this scenario similar to what I've said, or is it executed in a different way? – Hashirama Senju Jun 08 '17 at 22:40
1

TL;DR: PS/2 does not have some of the inherent vulnerabilities of a USB port, but it can still be exploited.

Let's look at the example of the O.MG USB cable. It disguises itself as a common USB cable and runs payloads performing various malicious tasks, like a key logger etc.

You could build a full SoC into the cable where it would run its payloads completely isolated from a host system, just for key logging, running on the 5 V/500 mA power delivery in the case of USB 2.0. A device like this would be completely invisible to the system.

In the case of PS/2, first, keyboards do not usually come with detachable cables, so replacing the normal cable with a malicious one would be much harder. There's also a lot less power - half as much, I believe - and using a significant part of it might just cause the connected device to malfunction.

So, in theory, you either would need to stealthily resolder a new, malicious cable to the keyboard that looks like the old one, it would likely need to run on its own power which it could recharge when the device is idle, or modify the device in some other way. The device also wouldn't be able to switch modes - mouse and keyboard sockets are typically separate, and a mouse connected to a keyboard socket won't function, and vice versa.

So hacking a PS/2 port would involve a lot more legwork, unless there are vulnerabilities in the architecture I'm not aware of.