It’s That Darn Rubber Ducky Thing Again and It Can Be Stopped!

By Randall Sylvertooth

Redport Information Assurance
Yes, the USB Rubber Ducky is still as popular as ever! It was brought back into popularity by the show Mr. Robot, a show about a delusional gray hat hacker. The Rubber Ducky is produced by a company named Hak5. It is a programmable device that fits into the USB port of a machine. Hackers use it to store keyboard keystroke commands for executing malicious code. Once it is plugged into the victim’s machine, the stored keystrokes are instantly typed in for execution. It is able to accomplish this by registering with the machine as a keyboard and simulating one. The malware is then loaded by a super blast of keystrokes. This quickly enables the escalation of user privileges so that a malware payload can be directly installed.

The Rubber Ducky device is still relevant amongst hackers and is used very frequently. However, a developer has now determined that this device has to be stopped and has created a mitigation technique for it. The mitigation is called “Beam Gun.” Beam Gun is a small software package designed to run in the background on computer systems. It monitors the system to detect when hardware devices and plug-ins attach to the operating system. It works very efficiently by continuously watching for any USB hardware that has been plugged in and has access to the monitored machine. Once an insertion is detected, Beam Gun is able to block any type of keystroke injection. If any keystrokes are detected, the computer system is instantly locked. The keystrokes that were entered prior to the lock are logged for analysis to determine the threat.

Beam Gun is always resident and operational, working in the background of the user’s computer system. It is available on the popular software collaboration site GitHub. Beam Gun is customizable: its security settings can be manually configured, giving the user the capability to determine the outcome. It thereby also enables the user to analyze, review and deploy mitigation strategies for blocking the Rubber Ducky’s capability. Beam Gun is an awesome piece of software for protecting a user’s system from insider attacks and drive-by script kiddies who use USB plug-ins.
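
The behaviour described above (arm on USB insertion, lock on the first keystroke that follows, keep the keystrokes for analysis) can be modelled as a small state machine. This is an added sketch, not Beam Gun's own code: the `InsertionGuard` class, the 30-second arm window, the event names, and the choice to also log keystrokes swallowed while locked are assumptions, and the lock is a flag rather than a real operating-system call.

```python
from dataclasses import dataclass, field

ARM_WINDOW_S = 30.0  # assumption: seconds the guard stays armed after an insertion


@dataclass
class InsertionGuard:
    """Hypothetical model: arm on USB insertion, lock on keystrokes while armed."""
    arm_window: float = ARM_WINDOW_S
    armed_until: float = float("-inf")
    locked: bool = False
    captured: list = field(default_factory=list)  # keystrokes kept for analysis

    def handle(self, ts, kind, data=""):
        """Return the action taken for one event: arm, lock, drop or pass."""
        if kind == "usb_insert":
            self.armed_until = ts + self.arm_window  # a new insertion re-arms
            return "arm"
        if kind == "unlock":  # user authenticated at the lock screen
            self.locked = False
            self.armed_until = float("-inf")
            return "pass"
        if kind != "key":
            return "pass"
        if self.locked:  # swallowed, never reaches the desktop
            self.captured.append((ts, data))
            return "drop"
        if ts <= self.armed_until:  # first keystroke after an insertion
            self.captured.append((ts, data))
            self.locked = True  # stands in for locking the workstation
            return "lock"
        return "pass"  # ordinary typing, no recent insertion


def replay(events, guard=None):
    """Feed (timestamp, kind, data) events to a guard; return actions and guard."""
    guard = InsertionGuard() if guard is None else guard
    return [guard.handle(*event) for event in events], guard


# Constructed event stream (not captured from a real device).
SAMPLE_EVENTS = [
    (0.0, "key", "KEY_0"),                # user typing before any insertion
    (1.0, "usb_insert", "hid-keyboard"),  # device registers as a keyboard
    (1.02, "key", "KEY_1"), (1.03, "key", "KEY_2"), (1.04, "key", "KEY_3"),
    (60.0, "unlock", ""), (61.0, "key", "KEY_4"),
    (100.0, "usb_insert", "hid-keyboard"),
    (140.0, "key", "KEY_5"),              # arm window expired: passes through
]

if __name__ == "__main__":
    actions, guard = replay(SAMPLE_EVENTS)
    for event, action in zip(SAMPLE_EVENTS, actions):
        print(event, "->", action)
    print("captured for analysis:", guard.captured)
```

The arm window is the tuning point: too short and a device that delays its payload gets through, too long and a legitimate new keyboard locks the user out.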

Source: jlospinoso.github.io/infosec/usb%20rubber%20ducky/c#/clr/wpf/.net/security/2016/11/15/usb-rubber-ducky-defeat.html

