How a Rubber Ducky works and why it is so dangerous

There are many methods by which they can attack our computer. For example, through a link that downloads a virus, a Trojan that reaches us as an email attachment, some program that we have installed and is actually malicious… But also through a physical device. In this article we talk about Rubber Ducky , which is a pendrive with certain peculiarities and that can be a problem for our security.

What is a Rubber Ducky

How a Rubber Ducky works

A Rubber Ducky we can say that it is a modified pendrive . When we put a USB memory in the computer, we can easily copy and paste files. It acts as a memory where we can host photos, documents or any folder as long as it does not exceed the available storage space.

On a pendrive we can even program scripts to copy files from a computer, or vice versa. However, for this script to be executed we will have to open the USB memory and double click on the corresponding file. It is not something that is done automatically, without interaction.

However, a Rubber Ducky will be able to execute these scripts automatically. You will simply need to get power to be connected to the computer. It will automatically start copying files or carry out some preset action.

It is precisely the latter that we mention that makes it a security hazard. It can be used to steal data or infect our computer. For this, it would be enough that we connect it to the computer and receive power.

How is a pendrive different from a Rubber Ducky?

The problem is that a Rubber Ducky can physically go unnoticed. Someone can see a device of this type and think that it is a normal pendrive and plug it into the computer. However, behind the scenes, scripts may be running that steal files or infect the computer.

But if we focus on the inside of a Rubber Ducky, we will find that they have a 60 MHz and 32 Bit CPU . The CPU is made up of the ALU (Arithmetic Logic Unit) which is capable of performing bit operations. It also has a CU (Control Unit), which is used to control the input and output flow of data.

These hardware components are the ones that, unlike a conventional pendrive, will allow it to perform operations instead of being the computer. This is just the real difference with a normal USB memory, since physically it could be invaluable .

But just as visually we can have difficulties to recognize a Rubber Ducky and differentiate it from a normal pendrive, our computer and antivirus will not have it easy either. Basically they will identify it as one more storage memory and they will not alert us that it is something dangerous.

USB Rubber Ducky

How they can attack us with a Rubber Ducky

What could they do if one of these devices falls into our hands and we plug it into the computer? The truth is that they could take control of the team and basically act as if they had physical access. They could steal information, passwords and thus compromise the privacy and security of the victim.

Remote access to the system

One of the dangers of a Rubber Ducky is that it can give a hacker access to full control of a system. At the end of the day you are acting as if the attacker is in front of the screen executing commands, since they are preconfigured scripts.

This device can open a link between the monitoring server and the victim’s system. This will allow a third party, without needing to be physically there, to take control of the computer and manipulate it however they want. You can configure what is known as a back door, similar to a Trojan.

Data theft

Of course, through a Rubber Ducky the attacker will be able to steal the victim’s personal information and content that is hidden in the system. You can have a script that copies certain files and information that are in Windows, for example, simply when the victim connects it to a corresponding USB port.

Personal information may be at risk if we mistakenly connect a memory of these characteristics. They could quickly steal data that we have stored on the computer and without us immediately noticing this problem.

Password registration

Similarly, a Rubber Ducky can be configured to record keystrokes when logging into any platform. This is known as keylogger, and it is a type of malicious software that is responsible for stealing access codes by registering everything we put in.

Undoubtedly this is one of the most important dangers of this peculiar pendrive. The password is the main security barrier for any computer or user account and can be compromised with a script configured to record everything we write.

How to protect ourselves from a Rubber Ducky

So what can we do to protect ourselves and avoid falling victim to this problem? Undoubtedly the most important thing is common sense and distrust of any memory that comes our way. For example, it is an important error to put a pendrive that we have found on the street.

There have been cases in which an attacker has dropped this type of device in colleges and similar centers, where it is likely that someone will find it and decide to plug it into their computer to see what is there. This will automatically put your security at risk and you could see your system lose control, passwords or data stolen.

If we go into more detail, we will be able to know if a pendrive is normal or on the contrary it is executing a script if we analyze the resources it is consuming. If we notice something strange, a consumption greater than normal, it may indicate that we are facing a Rubber Ducky.

It will also be essential to have our equipment protected with a good antivirus , in addition to having the system correctly updated. Both of these things can help prevent the entry of malware and allow us to increase our defenses against threats of this type.

If we wonder if we can create one at home, the truth is that as a power, it can be done. It is really a device that has been modified and has a series of hardware capable of acting in the way we have explained and executing scripts without having to do it from a computer.

However, it is not something simple. It is essential to have advanced knowledge . It is necessary to introduce firmware directly into the hardware, as well as to configure it properly so that it starts automatically once it is connected to a computer.

In short, a Rubber Ducky is a device that looks like a normal pendrive, but has the necessary hardware and configuration to steal data, personal information or passwords from the victim who plugs it into their computer.