What is it capable of?
Where older versions could only write keystroke sequences, Rubber Ducky can store variables, has feature-rich language, enables users to write functions, and can use logic flow controls (if this, then that, etc.). There is a significant shift in the programming language of Rubber Ducky. “Everything it types is trusted to the same degree as the user is trusted,” Rubber Ducky creator says, “so it takes advantage of the trust model built in, where computers have been taught to trust a human. And a computer knows that a human typically communicates with it through clicking and typing.” It means Rubber Ducky, for example, can examine on its own which device it is plugged into. Consequently, it can execute appropriate code on its own, or it will disable itself whenever it finds the wrong target. Also, it can produce pseudorandom numbers, which Ducky uses to create more human effects by adding a varying delay between keystrokes. Perhaps more dangerous is that it can rob data by encoding it in binary format. Furthermore, it transmits the information through the signals whenever NumLock or CapsLock lights up.
How dangerous is it?
When it comes to capability, Rubber Ducky is very dangerous, but its need for physical access limits it from targeting everyone. Kitchen says the recent Rubber Ducky was the most sought-after product at Def Conference. Around 500 units sold out on the first day of the conference itself. It is not wrong to say that many hackers already have one, and its demand will continue for some time.
Is it of any use for the common man?
On the outer side, it is easy to use, but on the inside, it requires experience in debugging and writing code. Also, it is expensive for every other person to purchase it at $59.99 per unit. So, in a nutshell, it is not everyone’s cup of tea. But there are great chances that hackers will be desperately after USB Rubber Ducky.