Linked by Thom Holwerda on Sat 1st Aug 2009 18:22 UTC
Apple Almost everything has a processor and/or memory chips these days, including keyboards. Apple's keyboards are no exception; they have 8Kb of flash memory, and 256 bytes of RAM. K. Chen has found a way to very easily install keyloggers and other possibly malicious code right inside these Apple keyboards (more here). Proof of concept code is here as well.
Permalink for comment 376551
To read all comments associated with this story, please click here.
WereCatf
Member since:
2006-02-15

A vulnerability that requires physical access to the machine in order to be enabled, and relies on the keyboard not being at the latest firmware version (the firmware updater won't download or run an image unless it's newer than the current one installed) is hardly world shaking news.

Umm, they only need to disassemble the firmware updater and copy the lines of code that do the actual magic of updating the firmware, OR they can just fool it to think the firmware is not the latest available one. POOF! That was the sound of your argument just getting shot down.

Secondly, it does not require physical access: if you can get malware on the Mac then you have access to the keyboard firmware, too.

Thirdly, you don't need to get malware on the Mac at all or know any passwords or anything if you just can get physical access to the keyboard and attach it to your netbook/notebook/laptop and update the firmware there.

Reply Parent Score: 3