Who knew rubber duckies could have a sinister meaning? No, not yellow rubber duckies that float in the bathtub. The rubber ducky that you plug into a computer's USB port, like a flash drive, that is designed to impersonate a keyboard. In reality, it houses what's called a payload, or malicious code, that injects a keystroke attack. In other words, when you plug it into a USB port, it tricks the computer into thinking it's a keyboard, but instead it delivers pre-programmed keystrokes to achieve a task, in seconds. This is called keystroke injection and it's one way to hack modern devices. Before you know it, your computer or device is executing commands that you have no control over.

How is that even possible? A rubber ducky deploys code, loaded onto the USB drive, from a programming language called Ducky Script. When plugged in, the drive automatically executes the code, achieving whatever the attacker wanted to do. It can be any type of storage device, even repurposed old USB drives. It works because to a computer, a keyboard is inherently trusted — it's a peripheral the computer automatically recognizes. The rubber ducky abuses that trust, like a vampire asking to enter your home, only the home is your computer. There is a silver lining. Rubber duckies are often used by ethical or white-hat-hackers, the "good guys," like cybersecurity professionals and researchers learning how to defend against this kind of attack. Even so, that doesn't mean a rubber ducky couldn't be used for nefarious activities.