Security · 2h ago
hid_guard: Open-Source Tool Blocks Keystroke Injection at Kernel Level
A developer built hid_guard, a Linux kernel security monitor using eBPF to detect and block keystroke injection attacks like those from USB Rubber Ducky devices. The tool runs in kernel space, catching malicious keystrokes faster than userspace alternatives. The project is open-source and has been submitted to the linux-input mailing list for review.
Meridian48 take
While hid_guard addresses a real gap in USB security, its effectiveness depends on widespread adoption and kernel integration, which is far from guaranteed.
Read the full reporting
The Duck Stops Here: Building hid_guard — Catching Keystroke Injection at the Kernel Level →
DEV Community
linux-kernelusb-security