Print 49 comment(s) - last by Pirks.. on Aug 6 at 3:58 AM

Attack infects keyboards to record keystrokes and more

No one wants to get their computer hacked or infected with viruses. For a long time, Windows PCs were the only real target of hackers and nefarious users, but as Apple Mac computers have become more popular hacks for these systems are now becoming more common.

A new hack that was demonstrated at DEFCON 2009 doesn't attack the software of Apple computers, rather it attacks the hardware.

Strangely it doesn't attack hardware inside the computer, rather the attack focuses on Apple's USB and Bluetooth keyboards. That means that once infected, the keyboard can’t simply be repaired with a firmware update. The man who devised the hack goes by K. Chen and says he goes by that name because of fear that he would be harassed by Mac fans.

Once infected, the keyboard spits the text most recently typed in reverse order back onto the screen of the computer each time the enter key is pressed. The demonstration shows that the hardware attack is capable of recording keystrokes and injecting them back to the host machine. The key logging capability of the attack can also reportedly work during the boot phase unlocking more hardware and encryption features.

When the keyboard is infected, it can be used to run a bash connect back shell and then give the attacker full control over the computer allowing a root kit to be installed. The level of control is enough that the hacker could wait until the computer was idle and then start the attack.

The exact weakness in the Mac OS used to install the hack on the keyboard is unknown, but Chen says that the code needed to execute the attack in under 100kb and takes under 18 seconds to execute. Once infected the keyboard can’t be fixed and would simply need to be replaced. Chen says he is working with Apple on a fix for the issue.

More and more security issues are being found with Mac computers as they grow in popularity and become more appealing targets for hackers.

Comments     Threshold

This article is over a month old, voting and posting comments is disabled

By Tegeril on 8/3/2009 10:22:14 AM , Rating: 3 him for working with Apple to resolve it.

The information seems lacking, but I imagine this requires you either have physical access to the system or a user that is willing to type in their password to continue?

RE: Props
By Spivonious on 8/3/2009 10:32:31 AM , Rating: 2
Yeah, it's nice he's going the honorable way.

But this means that the keyboard itself is capable of storing keypresses. What possible purpose would that have?

RE: Props
By Motoman on 8/3/2009 10:36:16 AM , Rating: 5
Comrade Jobs is only looking out for your best interests. And looking for your seditious ideas.

RE: Props
By MrBlastman on 8/3/2009 10:49:02 AM , Rating: 1
Who'd ever think stroking your keys would get you slapped. Them thar Apples have high standards. :)

I'm laughing at this, poor poor Apples (not). It looks like Apples might finally turn into the new playground soon enough.

RE: Props
By cdwilliams1 on 8/3/09, Rating: -1
RE: Props
By amanojaku on 8/3/2009 11:22:42 AM , Rating: 4
I have to disagree. Bluetooth and USB both use HCI to communicate with the OS, but the HCI specification does not require the use of upgradable firmware. A Bluetooth or USB keyboard that used ROM would not have had this problem, while providing the same functionality minus the "upgrade." I've never heard of anyone upgrading the firmware on a keyboard, anyway, so I don't understand the practicality of such a feature. I wouldn't buy a keyboard if it doesn't work immediately, and I can use programs to map function keys and macros. I agree with Mr. Chen; the firmware should not have been upgradable. So the end result is Apple's negligence makes its users vulnerable to attack.

RE: Props
By stirfry213 on 8/3/2009 1:35:31 PM , Rating: 2
Even if it used flashable memory, this may not be very effective as there are lots of keyboard manufacturers for PCs. Tho I don't use Macs, I bet they typically use Apple keyboards and not aftermarket which makes it more likely for this hack to work.

RE: Props
By Souka on 8/3/2009 2:30:40 PM , Rating: 4
Oh I'm sure iTunes will release a firmware update to kill this hack....

iTunes seems to do things like know...relase "updates" that kill non-apple stuff


RE: Props
By Adul on 8/3/2009 12:14:40 PM , Rating: 3
the problem not mention in this article is that the keyboards from Apple have the firmware UNLOCKED to address issues for product that is rushed to market. So all apple really needs to do is lock down the firmware to prevent this.

RE: Props
By tayhimself on 8/3/2009 1:42:28 PM , Rating: 2
More importantly, every other manufacturer has their firmware locked. Wonder why Apple didn't bother with this security check other than the reason that they are perfect and virus free ;)

RE: Props
By MonkeyPaw on 8/3/2009 6:42:00 PM , Rating: 5
It's unlocked so Apple can remotely disable your keyboard at will. That way if a Mac user ever happens to "see the light" and start bad mouthing their Mac--Poof! Lockdown. I'm sure Apple's right to do this is in the EULA somewhere.

RE: Props
By spartan014 on 8/3/2009 10:45:42 AM , Rating: 3
A backdoor intentionally left by Apple?

You need to have a Mac to hack the Mac, you know...

RE: Props
By linuxgtwindos3gtmucs on 8/3/2009 9:52:34 PM , Rating: 5

Someone shine the Pirks signal on the sky!

RE: Props
By Alexvrb on 8/3/2009 11:50:42 PM , Rating: 2
LOFL! That's the best "cue Pirks" line I have ever read.

As a bonus I've now got the Batman theme music stuck in my head.

RE: Props
By rtrski on 8/4/2009 8:35:20 AM , Rating: 4
I'm wondering what silhouette would be superposed on the searchlight beam....

...the 'sad Mac' icon?
...the system 'bomb' icon?

...Or perhaps a vacant turtleneck, yearning to be filled?

RE: Props
By FaaR on 8/3/2009 11:15:33 AM , Rating: 3
"But this means that the keyboard itself is capable of storing keypresses. What possible purpose would that have?"

Presumably, so that USB bus contention would not cause you to miss keystrokes as you rapidly type away. Just an assumption on my part I admit, but it seems reasonable enough, no?

RE: Props
By Spivonious on 8/3/2009 1:22:31 PM , Rating: 4
Perhaps, but I'm sure that USB has an input buffer to handle devices trying to communicate simultaneously. Otherwise your camera would send down photos missing bits, or your wireless adapter would drop packets all the time.

RE: Props
By FaaR on 8/3/2009 1:36:28 PM , Rating: 3
USB has the capability to reserve bandwidth to streaming devices that need reliable transfers (video cameras, audio recording or playback devices and so on). A keyboard would not be considered so critical that bandwidth is reserved for it. So the buffer you speak of would thus be in the device itself. As is the case, as it turns out! :)

RE: Props
By Fritzr on 8/3/2009 10:12:20 PM , Rating: 2
Generically it is called a typeahead buffer. When you type faster than the system can accept keystrokes, the buffer fills, when the system accepts keystrokes faster than you type the buffer empties. Ideally it should never contain more than 1 char...the one currently being sent to the computer.

This hack creates a keylog buffer in the keyboard and then dumps it each time Enter is pressed. Most likely the chars sent to the Mac are copied to the keylog buffer. With this design all that is needed is writeable memory in the keyboard, the ability to patch the firmware (the hack) and the ability to "see" the keystroke being sent to the Mac.

No buffer required in keyboard unless the USB/Bluetooth occasionally delays enough to allow a typist to press keys faster than the connection can send them, but the design allows for one and this hack seems to add a line buffer to store the data being entered between carriage returns (Enter key).

RE: Props
By Sazar on 8/3/2009 2:44:06 PM , Rating: 2
Depending on how things work out (i.e. compensation), he could well change his name from K Cheng to Ka Ching.

Btw, I wonder if this is limited to hardwired peripherals or if it also affects and can be used with wireless components.

RE: Props
By FITCamaro on 8/3/2009 3:01:18 PM , Rating: 1
Depending on how things work out (i.e. compensation), he could well change his name from K Cheng to Ka Ching.

That would be hilarious if the dude was Asian.....

RE: Props
By linuxgtwindos3gtmucs on 8/3/2009 9:55:53 PM , Rating: 2
Quick paint some gold flakes on the keyboard label the box "iFuc|<ed"
they could make some big fat profits...

"I modded down, down, down, and the flames went higher." -- Sven Olsen
Related Articles

Latest Headlines
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
The Samsung Galaxy S7
September 14, 2016, 6:00 AM
Apple Watch 2 – Coming September 7th
September 3, 2016, 6:30 AM
Apple says “See you on the 7th.”
September 1, 2016, 6:30 AM

Most Popular ArticlesAre you ready for this ? HyperDrive Aircraft
September 24, 2016, 9:29 AM
Leaked – Samsung S8 is a Dream and a Dream 2
September 25, 2016, 8:00 AM
Inspiron Laptops & 2-in-1 PCs
September 25, 2016, 9:00 AM
Snapchat’s New Sunglasses are a Spectacle – No Pun Intended
September 24, 2016, 9:02 AM
Walmart may get "Robot Shopping Carts?"
September 17, 2016, 6:01 AM

Copyright 2016 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki