Print 49 comment(s) - last by Pirks.. on Aug 6 at 3:58 AM

Attack infects keyboards to record keystrokes and more

No one wants to get their computer hacked or infected with viruses. For a long time, Windows PCs were the only real target of hackers and nefarious users, but as Apple Mac computers have become more popular hacks for these systems are now becoming more common.

A new hack that was demonstrated at DEFCON 2009 doesn't attack the software of Apple computers, rather it attacks the hardware.

Strangely it doesn't attack hardware inside the computer, rather the attack focuses on Apple's USB and Bluetooth keyboards. That means that once infected, the keyboard can’t simply be repaired with a firmware update. The man who devised the hack goes by K. Chen and says he goes by that name because of fear that he would be harassed by Mac fans.

Once infected, the keyboard spits the text most recently typed in reverse order back onto the screen of the computer each time the enter key is pressed. The demonstration shows that the hardware attack is capable of recording keystrokes and injecting them back to the host machine. The key logging capability of the attack can also reportedly work during the boot phase unlocking more hardware and encryption features.

When the keyboard is infected, it can be used to run a bash connect back shell and then give the attacker full control over the computer allowing a root kit to be installed. The level of control is enough that the hacker could wait until the computer was idle and then start the attack.

The exact weakness in the Mac OS used to install the hack on the keyboard is unknown, but Chen says that the code needed to execute the attack in under 100kb and takes under 18 seconds to execute. Once infected the keyboard can’t be fixed and would simply need to be replaced. Chen says he is working with Apple on a fix for the issue.

More and more security issues are being found with Mac computers as they grow in popularity and become more appealing targets for hackers.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Tegeril on 8/3/2009 10:22:14 AM , Rating: 3 him for working with Apple to resolve it.

The information seems lacking, but I imagine this requires you either have physical access to the system or a user that is willing to type in their password to continue?

RE: Props
By Spivonious on 8/3/2009 10:32:31 AM , Rating: 2
Yeah, it's nice he's going the honorable way.

But this means that the keyboard itself is capable of storing keypresses. What possible purpose would that have?

RE: Props
By Motoman on 8/3/2009 10:36:16 AM , Rating: 5
Comrade Jobs is only looking out for your best interests. And looking for your seditious ideas.

RE: Props
By MrBlastman on 8/3/2009 10:49:02 AM , Rating: 1
Who'd ever think stroking your keys would get you slapped. Them thar Apples have high standards. :)

I'm laughing at this, poor poor Apples (not). It looks like Apples might finally turn into the new playground soon enough.

RE: Props
By cdwilliams1 on 8/3/09, Rating: -1
RE: Props
By amanojaku on 8/3/2009 11:22:42 AM , Rating: 4
I have to disagree. Bluetooth and USB both use HCI to communicate with the OS, but the HCI specification does not require the use of upgradable firmware. A Bluetooth or USB keyboard that used ROM would not have had this problem, while providing the same functionality minus the "upgrade." I've never heard of anyone upgrading the firmware on a keyboard, anyway, so I don't understand the practicality of such a feature. I wouldn't buy a keyboard if it doesn't work immediately, and I can use programs to map function keys and macros. I agree with Mr. Chen; the firmware should not have been upgradable. So the end result is Apple's negligence makes its users vulnerable to attack.

RE: Props
By stirfry213 on 8/3/2009 1:35:31 PM , Rating: 2
Even if it used flashable memory, this may not be very effective as there are lots of keyboard manufacturers for PCs. Tho I don't use Macs, I bet they typically use Apple keyboards and not aftermarket which makes it more likely for this hack to work.

RE: Props
By Souka on 8/3/2009 2:30:40 PM , Rating: 4
Oh I'm sure iTunes will release a firmware update to kill this hack....

iTunes seems to do things like know...relase "updates" that kill non-apple stuff


RE: Props
By Adul on 8/3/2009 12:14:40 PM , Rating: 3
the problem not mention in this article is that the keyboards from Apple have the firmware UNLOCKED to address issues for product that is rushed to market. So all apple really needs to do is lock down the firmware to prevent this.

RE: Props
By tayhimself on 8/3/2009 1:42:28 PM , Rating: 2
More importantly, every other manufacturer has their firmware locked. Wonder why Apple didn't bother with this security check other than the reason that they are perfect and virus free ;)

RE: Props
By MonkeyPaw on 8/3/2009 6:42:00 PM , Rating: 5
It's unlocked so Apple can remotely disable your keyboard at will. That way if a Mac user ever happens to "see the light" and start bad mouthing their Mac--Poof! Lockdown. I'm sure Apple's right to do this is in the EULA somewhere.

RE: Props
By spartan014 on 8/3/2009 10:45:42 AM , Rating: 3
A backdoor intentionally left by Apple?

You need to have a Mac to hack the Mac, you know...

RE: Props
By linuxgtwindos3gtmucs on 8/3/2009 9:52:34 PM , Rating: 5

Someone shine the Pirks signal on the sky!

RE: Props
By Alexvrb on 8/3/2009 11:50:42 PM , Rating: 2
LOFL! That's the best "cue Pirks" line I have ever read.

As a bonus I've now got the Batman theme music stuck in my head.

RE: Props
By rtrski on 8/4/2009 8:35:20 AM , Rating: 4
I'm wondering what silhouette would be superposed on the searchlight beam....

...the 'sad Mac' icon?
...the system 'bomb' icon?

...Or perhaps a vacant turtleneck, yearning to be filled?

RE: Props
By FaaR on 8/3/2009 11:15:33 AM , Rating: 3
"But this means that the keyboard itself is capable of storing keypresses. What possible purpose would that have?"

Presumably, so that USB bus contention would not cause you to miss keystrokes as you rapidly type away. Just an assumption on my part I admit, but it seems reasonable enough, no?

RE: Props
By Spivonious on 8/3/2009 1:22:31 PM , Rating: 4
Perhaps, but I'm sure that USB has an input buffer to handle devices trying to communicate simultaneously. Otherwise your camera would send down photos missing bits, or your wireless adapter would drop packets all the time.

RE: Props
By FaaR on 8/3/2009 1:36:28 PM , Rating: 3
USB has the capability to reserve bandwidth to streaming devices that need reliable transfers (video cameras, audio recording or playback devices and so on). A keyboard would not be considered so critical that bandwidth is reserved for it. So the buffer you speak of would thus be in the device itself. As is the case, as it turns out! :)

RE: Props
By Fritzr on 8/3/2009 10:12:20 PM , Rating: 2
Generically it is called a typeahead buffer. When you type faster than the system can accept keystrokes, the buffer fills, when the system accepts keystrokes faster than you type the buffer empties. Ideally it should never contain more than 1 char...the one currently being sent to the computer.

This hack creates a keylog buffer in the keyboard and then dumps it each time Enter is pressed. Most likely the chars sent to the Mac are copied to the keylog buffer. With this design all that is needed is writeable memory in the keyboard, the ability to patch the firmware (the hack) and the ability to "see" the keystroke being sent to the Mac.

No buffer required in keyboard unless the USB/Bluetooth occasionally delays enough to allow a typist to press keys faster than the connection can send them, but the design allows for one and this hack seems to add a line buffer to store the data being entered between carriage returns (Enter key).

RE: Props
By Sazar on 8/3/2009 2:44:06 PM , Rating: 2
Depending on how things work out (i.e. compensation), he could well change his name from K Cheng to Ka Ching.

Btw, I wonder if this is limited to hardwired peripherals or if it also affects and can be used with wireless components.

RE: Props
By FITCamaro on 8/3/2009 3:01:18 PM , Rating: 1
Depending on how things work out (i.e. compensation), he could well change his name from K Cheng to Ka Ching.

That would be hilarious if the dude was Asian.....

RE: Props
By linuxgtwindos3gtmucs on 8/3/2009 9:55:53 PM , Rating: 2
Quick paint some gold flakes on the keyboard label the box "iFuc|<ed"
they could make some big fat profits...

Why hide?
By WoWCow on 8/3/2009 10:53:53 AM , Rating: 2
The man who devised the hack goes by K. Chen and says he goes by that name because of fear that he would be harassed by Mac fans.

Hm... So I see working on Apple products' security is something to be feared.

Anyway, with the hardware hacking issue mandating the keyboard to be replaced is something new to me; can someone explain this in detail?

RE: Why hide?
By Smilin on 8/3/2009 11:02:59 AM , Rating: 5
Yeah the last guy to mess with apple got thrown out of a window then covered up as a suicide.

Also, if you hack/jailbreak on of their products homeland security will have a word with you.

RE: Why hide?
By SpaceJumper on 8/3/2009 2:01:25 PM , Rating: 2
The Apple investors will throw you out of a building.

RE: Why hide?
By Fritzr on 8/3/2009 10:17:39 PM , Rating: 3
He doesn't give enough information to answer that. That said the simplest explanation is that this hack does 2 things

1) Patches the firmware to install and activate the hack
2) Locks out firmware updates to prevent modification of the 'update'

I wonder...
By Alexstarfire on 8/3/2009 12:49:08 PM , Rating: 2
What the likes of Pirks can say to this? Only Apple could f*ck up a keyboard so that it can be hacked. That's just pathetic.

RE: I wonder...
By mfed3 on 8/3/2009 1:05:57 PM , Rating: 1
the only thing i can think of him saying is "owned and im a pathetic loser evangelist who defends a company who couldnt give 2 shits about me. i just dumped my pants"

RE: I wonder...
By chick0n on 8/3/2009 1:14:41 PM , Rating: 2
He will bring up his "iDick" thing up again.

Thats all he has been saying lately, cuz his poor little garbage mac is so garbage that even he is feeling the pressure now ... AWWW POOR PIRKS

Just do us a favor and die with your Mac.

RE: I wonder...
By Pirks on 8/3/09, Rating: -1
RE: I wonder...
By Pirks on 8/3/09, Rating: -1
RE: I wonder...
By Alexstarfire on 8/4/2009 1:33:20 AM , Rating: 2
Figures, nothing but insults. The truth hurts doesn't it Pirks?

RE: I wonder...
By Pirks on 8/6/2009 3:58:21 AM , Rating: 2
stop coughing here Alex, it's not your dusty MS-DOS museum. go get a life old man :P

By xxsk8er101xx on 8/3/2009 3:18:05 PM , Rating: 4
As macs get more popular hackers will target Mac computers. What's awesome is Apple does not know how to fix their security holes.

RE: Yep
By Mojo the Monkey on 8/3/09, Rating: -1
RE: Yep
By Smilin on 8/4/2009 11:23:12 AM , Rating: 2
No,he's right. Apple is really bad about fixing security holes. In many cases they deny them which is a very bad idea long term.

The DNS vulnerability that was discovered this past year is probably the perfect example since all vendors were affected. MSFT, Cisco, most *nix variants all had the fix ready on the day of the announcement. Apple on the other hand came gimpily running to the special olympics finish line months later.

RE: Yep
By Mojo the Monkey on 8/4/2009 12:26:21 PM , Rating: 2
Right, I agree with that point. But I was simply taking issue with his statement that they "do not know how"

I'm sure they do, but its not a priority like it SHOULD be. Saying that they dont have the technical competence is something altogether separate.

When was the last time...
By Helbore on 8/3/2009 10:57:00 AM , Rating: 2 had to flash a new firmware onto a keyboard?

Why do these keyboards even have the ability to store unremovable code on them?

RE: When was the last time...
By SpaceJumper on 8/3/2009 1:59:43 PM , Rating: 3
So Apple can sell more keyboards.

Bad month for Apple.
By dark matter on 8/3/2009 11:31:45 AM , Rating: 4
MS should have plenty of material to work with for their Windows 7 ads.

People in glass houses... With regards to security Apple users have just gone from living in a bunker to living in a greenhouse.

Ouch, that has just got to hurt!

Sweet!! and Green!!
By SpaceJumper on 8/3/2009 1:58:16 PM , Rating: 2
He is giving himself some money from Apple. Soon, this sort of thing will be the Apple hackers main stream of business.

RE: Sweet!! and Green!!
By mars777 on 8/4/2009 1:29:46 AM , Rating: 2
Yeah but too much severe security problems could lead Apple to go bankrupt! :D

a perfect storm
By raabscuttle on 8/4/2009 3:00:44 PM , Rating: 2
This has all the makings of a perfect storm. Apple is where Micro$oft was 10 years ago: fat and complacent with hoards of users just waiting to be exploited. In my weatherman prediction, I see hoards of MAC users being hit hard in the next twelve months.

Ccomputer user since AppleBasic was on Apple II - antivirus user since DOS 3.3 was running on my 8088 - no infections yet...

Meanwhile in the real world....
By Tony Swash on 8/3/09, Rating: -1
RE: Meanwhile in the real world....
By rtrski on 8/4/2009 8:39:37 AM , Rating: 2
The one for which, by dint of market demand, all the medical researchers are hard at work constantly releasing cures and remedies?

Hey, it's your metaphor.

By cactusdog on 8/4/2009 9:01:39 AM , Rating: 2
Why do people pay twice as much to do half as much and have all these issues. Then you gotta pay them for updates and/or return hardware to them to fix for a premium. I dunt get it.

RE: Meanwhile in the real world....
By Tony Swash on 8/4/2009 12:51:35 PM , Rating: 1
Not quite sure what your point is here - to repeat - there are no security exploits which comprise macs propagating in the mac community of users, there are many, many such exploits propagating in the PC community.

To explore the metaphor a bit more. If a medical professional says stop eating such and such stuff and your chances of getting caner will go down - I may well stop eating that stuff. But it remains true that I would rather suffer from hypothetical cancer than real cancer.

RE: Meanwhile in the real world....
By Alexstarfire on 8/4/2009 3:08:48 PM , Rating: 2
I think you're not understanding your own metaphor correctly. What the other guy is saying is that if you had actual cancer, AKA an infection on a PC, that you could actually get cured, AKA fixed and patched, but that if you had the hypothetical cancer, AKA a security hole in a mac, that if you did get cancer, AKA infected, that you'd be shit out of luck.

Of course by your analogy it sounds like the PC guys are living in Chernobel with the rate they get "cancer." Of course you could also think of it this way. The PC guys are standing in front of a radiation gun, AKA hackers and such, but have on a radiation suit and a lead vest while the mac guys are standing just outside the range of the radiation gun but are totally unprotected. Turn that gun just a bit in your direction and boom. Not only do you get cancer, but you become mutated too.

By Tony Swash on 8/4/2009 5:17:28 PM , Rating: 2
The main point I keep making is that this is all just over excited talk about maybe this, maybe that, gosh this is theoretically possible. But in the real world - my own personal preferred reference point for trying to understand reality - macs are clean of infections and Windows PCs are not.

No matter how much enthusiasm greets the announcement of each new mac related "security hole" the simple truth is that macs are not actually being infected and Windows PCS are.

As I said I prefer hypothetical cancer to actual cancer - your preferences may be different.

“And I don't know why [Apple is] acting like it’s superior. I don't even get it. What are they trying to say?” -- Bill Gates on the Mac ads
Related Articles

Most Popular ArticlesFree Windows 10 offer ends July 29th, 2016: 10 Reasons to Upgrade Immediately
July 22, 2016, 9:19 PM
Top 5 Smart Watches
July 21, 2016, 11:48 PM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki