Mac Keyboard security problem

[ffutures]

Possibly of interest...

A large hole has been found in Mac security - basically, it's possible to hack the firmware of Mac keyboards to turn them into self-contained keyloggers. No hardware modification, and almost impossible to detect.

http://www.semiaccurate.com/2009/07/31/apple-keyboard-firmware-hack-demonstrated/

It looks like the easiest way to do this would be to borrow someone's keyboard for a minute, plug it into an iBook or something else running GDB, and go on your way rejoicing. No need to touch the target computer itself (unless, I suppose, it's a bluetooth keyboard), so you don't need to log in. Reading how it works, I'm pretty sure you could adapt the idea to other operating systems, and use a PDA or something instead of a Mac-compatible.

As far as I know only Mac keyboards with flash memory etc. are vulnerable - PC keyboards don't have this as far as I know, most of their processing is done by the PC.

Comments

[heliograph.livejournal.com]

There's a ton of peripherals with some memory in them now, on both Macs and PCs. I dunno if you deal with a lot of firmware upgrades, but the number of things that don't have them is far smaller than the number of things that do.

The reason this isn't a big deal is because you'd need 1) physical access and 2) root access to install it. If you have either or both of these, you could just install a keylogger, and the whole keyboard thing is secondary.

As far as it not being fixable, all you'd really need to do is re-flash the firmware.

[ffutures.livejournal.com]

I'm not saying it's not fixable, but it looks to be hard to detect.

Unless I'm missing something, you don't need root access to the Mac itself to do this - you just need a computer of some description that can make the changes to the keyboard.

[heliograph.livejournal.com]

"it looks to be hard to detect."

You'd either need physical access to get the 1k of typing out of it again, or you'd need to have the computer export the data. I dunno about you, but I monitor all of my outgoing traffic.

"you don't need root access to the Mac itself to do this"

You need root access on the machine running the firmware update.

[ffutures.livejournal.com]

Sure - but that needn't necessarily be the target machine if I've understood it properly.

I'm thinking here of something like a cleaner / burglar going into an office one night carrying a suitable laptop, running the software on a few likely-looking keyboards, and coming back the next night to download the first few K typed into the keyboard, which is probably enough to give you passwords etc.

[heliograph.livejournal.com]

Sure - but that needn't necessarily be the target machine if I've understood it properly.

Just like under Windows, if you update firmware using a different machine, the OS will see the equipment as "new" and will alert the user. Whether they pay attention or not is a different problem.

[ffutures.livejournal.com]

Hadn't realised that would happen. OK, thanks for the clarification.

[whswhs.livejournal.com]

Am I correct to understand that this is an issue for a computer in an office, or one that's carried around perhaps, but that it's not much of an issue for a computer that stays at home in a room that rarely gets visitors?

[heliograph.livejournal.com]

Honestly, as long as you have physical control over your machine, you don't have anything to worry about.

[cdybedahl.livejournal.com]

And if you don't have physical control of the computer, you're pretty much screwed anyway. How often do you check if someone's put a sniffer between your keyboards USB plug and the computer's USB port, for example?

[ffutures.livejournal.com]

USB plug? I'm still using the original IBM AT keyboard!

[cdybedahl.livejournal.com]

That'll save whoever wants to sniff it about $10 :-)