Linked by Thom Holwerda on Sat 1st Aug 2009 18:22 UTC
Almost everything has a processor and/or memory chips these days, including keyboards. Apple's keyboards are no exception; they have 8Kb of flash memory, and 256 bytes of RAM. K. Chen has found a way to very easily install keyloggers and other possibly malicious code right inside these Apple keyboards (more here). Proof of concept code is here as well.
Permalink for comment 376553
jabbotts (Member since: 2007-09-06)

Interviews after this year's Pwn2Own described OS X security around the browser as pretty open. A reason it was targeted was that the Safari browser does not provide the same protective layers that other browsers offer (though the next major version addresses this in some ways, I hear). Outcome: browser can run executable code.

Now it's on the system with no sandboxing to break out of. It needs only escalate its privilege to root. Not easy on a well-configured POSIX base but not impossible.

Now it's root, it redirects input/output and sends the [OK] button press when the firmware flasher requires it. Maybe it presents a spoofed layer overtop the actual firmware messagebox and gets it done à la social engineering.

Injecting breakpoints is a standard part of running software and easily done with root privilege. Maybe it simply patches in memory as needed for that step.

It's not like your average skript kiddie is going to get this one but gov and criminal enterprise are already working on it. Attacks never get worse, they only ever get better. If left unpatched, this will become a problem.

Score: 3