Linked by Thom Holwerda on Sat 1st Aug 2009 18:22 UTC
Apple Almost everything has a processor and/or memory chips these days, including keyboards. Apple's keyboards are no exception; they have 8Kb of flash memory, and 256 bytes of RAM. K. Chen has found a way to very easily install keyloggers and other possibly malicious code right inside these Apple keyboards (more here). Proof of concept code is here as well.
Thread beginning with comment 376521
To read all comments associated with this story, please click here.
Leave it to Apple
by sbergman27 on Sat 1st Aug 2009 18:39 UTC
sbergman27
Member since:
2005-07-24

"The more they overthink the plumbing, the easier it is to stop up the drain" said Scotty in Star Trek III.

Leave it to Apple to take something that has always been safe before, and turn it into a security nightmare via over-design.

What other Apple-specific dangers lurk in seemingly innocuous Apple hardware, I wonder? Taking into account recent news about real life safety and security dangers in Apple hardware, and Apple's attempts to suppress news of them, it would not surprise me to see Apple mice spontaneously bursting into flames, or Apple monitors quietly deciding to start emitting x-rays.

Their corporate offices could go up in a fireball, and their sole surviving PR drone would try to blame it on Mr. Coffee.

Edited 2009-08-01 18:46 UTC

Reply Score: 2

RE: Leave it to Apple
by Thom_Holwerda on Sat 1st Aug 2009 19:45 in reply to "Leave it to Apple"
Thom_Holwerda Member since:
2005-06-29

Chen theorises that its because Apple needs to rush hardware to market, so instead of properly testing their firmware - which shouldn't be that hard, it's a frakking keyboard - they just make the firmware flashable instead. This is indeed what happened when the keyboard first came out.

What we need to know is this: how hard is it to achieve this on keyboards from other manufacturers?

Edited 2009-08-01 19:45 UTC

Reply Parent Score: 2

RE[2]: Leave it to Apple
by sbergman27 on Sat 1st Aug 2009 19:57 in reply to "RE: Leave it to Apple"
sbergman27 Member since:
2005-07-24

What we need to know is this: how hard is it to achieve this on keyboards from other manufacturers?

Even if it were possible (and I suspect this is going to turn out to be Apple specific) the exploit would surely need to be customized for the keyboard family. And for the platform.

Apple would still be the logical target because MacOSX and Apple keyboards go together like... oh... "War" and "Pestilence". If the exploit code will run, you can be reasonably certain that the keyboard is going to be Apple, and thus vulnerable, most of the time.

Note that this reasoning applies to any future hardware-based exploits, and not just to keyboards.

Edited 2009-08-01 20:06 UTC

Reply Parent Score: 3

RE[2]: Leave it to Apple
by Johann Chua on Sun 2nd Aug 2009 02:52 in reply to "RE: Leave it to Apple"
Johann Chua Member since:
2005-07-22

Now I really need to find a Griffin iMate. Never cottoned to the shiny new Apple keyboards, so I'd prefer using my old Apple Extended II keyboard when I get a Mac mini.

Reply Parent Score: 2