Linked by Thom Holwerda on Sat 1st Aug 2009 18:22 UTC
Apple Almost everything has a processor and/or memory chips these days, including keyboards. Apple's keyboards are no exception; they have 8Kb of flash memory, and 256 bytes of RAM. K. Chen has found a way to very easily install keyloggers and other possibly malicious code right inside these Apple keyboards (more here). Proof of concept code is here as well.
Thread beginning with comment 376530
To read all comments associated with this story, please click here.
Apple is probably not the only one
by jokkel on Sat 1st Aug 2009 19:47 UTC
jokkel
Member since:
2008-07-07

I strongly suspect that Apple is the only one. A lot of other USB keyboards probably have the same problem.

This doesn't excuse anything of course. It's quite scary to think, that you own keyboard is spying on you.

Apple is an attractive target for hacking, because exploits always make headlines. I hope Apple will cooperate more with security researches in the future. Their security track record isn't that great. Apple relied too long an too much on security by obscurity and being a small target.

Reply Score: 2

deathshadow Member since:
2005-07-12

That would be my guess, Apple these days uses a lot of the same chips under the hood as it's competitors, (ok, all the same chips now) - as such I'd not be surprised to find out other USB keyboards are at risk.

Makes me glad I'm still using a nice safe near indestructible PS/2 model M - Actually it's a bastardization the keyboard mechanicals are from a 370 version, the internal board and case is from the AT version with the phone jack, but I have the cable from a PS/2 one which works (since the only difference between PS/2 and AT keyboard is the plug at the PC end)

It really is as sbergman27 said an overthinking of the plumbing.

8K of flash and 256 bytes of RAM? *** sake what's in there a PicAxe or Atmel? FOR A KEYBOARD?!? Sad when a keyboard has more computing power and live storage than my first computer.

Also proves something I've been saying for years, the illusion of safety provided by Apple won't last... since once enough people are using them to be a viable target they've got little to nothing standing between the user and total pwnage compared to other OS and hardware bases.

Edited 2009-08-01 20:35 UTC

Reply Parent Score: 2

sbergman27 Member since:
2005-07-24

Also proves something I've been saying for years, the illusion of safety provided by Apple won't last... since once enough people are using them to be a viable target they've got little to nothing standing between the user and total pwnage compared to other OS and hardware bases.

Even its Unix foundation is a bit of an illusion from a security standpoint. While the rest of the POSIX world has been moving forward with a variety of hardening techniques and security frameworks, Apple has been fine-tuning their icon colors.

Securitywise, MacOSX's Darwin underpinnings look like something out of the mid 1990s.

Reply Parent Score: 7

jabbotts Member since:
2007-09-06

My Logitech G15 must have some chips inside there. I can see much of it done on the driver side but still, it's much more than a simple button pad pushing signal out a ps2 or big DIN port.

I can see it now.. "WOW Accounts hijacked through keyboard zombies!"

Reply Parent Score: 2

Kroc Member since:
2005-11-10

Sorry to burst your bubble, but your PS2 keyboard can be read from a plug socket http://news.bbc.co.uk/1/hi/technology/8147534.stm

Reply Parent Score: 1