Linked by Thom Holwerda on Sat 1st Aug 2009 18:22 UTC
Apple Almost everything has a processor and/or memory chips these days, including keyboards. Apple's keyboards are no exception; they have 8Kb of flash memory, and 256 bytes of RAM. K. Chen has found a way to very easily install keyloggers and other possibly malicious code right inside these Apple keyboards (more here). Proof of concept code is here as well.
Thread beginning with comment 376544
To read all comments associated with this story, please click here.
I see a lot of misinformed comments
by Lo_Phat on Sat 1st Aug 2009 21:16 UTC
Lo_Phat
Member since:
2009-07-08

All barring one have been knee jerk misinformed Fanboi style comments.

A vulnerability that requires physical access to the machine in order to be enabled, and relies on the keyboard not being at the latest firmware version (the firmware updater won't download or run an image unless it's newer than the current one installed) is hardly world shaking news.

I applaud the researchers for finding this and any other potential vulnerability but Im not going to lay awake at night worrying about this one.

Reply Score: 0

smashIt Member since:
2005-07-06

well, you seem to be the misinformed fanboi if you believe that apple are the only ones that can write those magical lines of coded needed to flash the firmware

Reply Parent Score: 2

WereCatf Member since:
2006-02-15

A vulnerability that requires physical access to the machine in order to be enabled, and relies on the keyboard not being at the latest firmware version (the firmware updater won't download or run an image unless it's newer than the current one installed) is hardly world shaking news.

Umm, they only need to disassemble the firmware updater and copy the lines of code that do the actual magic of updating the firmware, OR they can just fool it to think the firmware is not the latest available one. POOF! That was the sound of your argument just getting shot down.

Secondly, it does not require physical access: if you can get malware on the Mac then you have access to the keyboard firmware, too.

Thirdly, you don't need to get malware on the Mac at all or know any passwords or anything if you just can get physical access to the keyboard and attach it to your netbook/notebook/laptop and update the firmware there.

Reply Parent Score: 3

darknexus Member since:
2008-07-15

But then you have this other problem... you'd need to convince the users to run it, since it couldn't be done by a web scripting language and even Safari won't just execute an arbitrary file on the machine.

Reply Parent Score: 2