backtop


Print 49 comment(s) - last by Pirks.. on Aug 6 at 3:58 AM

Attack infects keyboards to record keystrokes and more

No one wants to get their computer hacked or infected with viruses. For a long time, Windows PCs were the only real target of hackers and nefarious users, but as Apple Mac computers have become more popular hacks for these systems are now becoming more common.

A new hack that was demonstrated at DEFCON 2009 doesn't attack the software of Apple computers, rather it attacks the hardware.

Strangely it doesn't attack hardware inside the computer, rather the attack focuses on Apple's USB and Bluetooth keyboards. That means that once infected, the keyboard can’t simply be repaired with a firmware update. The man who devised the hack goes by K. Chen and says he goes by that name because of fear that he would be harassed by Mac fans.

Once infected, the keyboard spits the text most recently typed in reverse order back onto the screen of the computer each time the enter key is pressed. The demonstration shows that the hardware attack is capable of recording keystrokes and injecting them back to the host machine. The key logging capability of the attack can also reportedly work during the boot phase unlocking more hardware and encryption features.

When the keyboard is infected, it can be used to run a bash connect back shell and then give the attacker full control over the computer allowing a root kit to be installed. The level of control is enough that the hacker could wait until the computer was idle and then start the attack.

The exact weakness in the Mac OS used to install the hack on the keyboard is unknown, but Chen says that the code needed to execute the attack in under 100kb and takes under 18 seconds to execute. Once infected the keyboard can’t be fixed and would simply need to be replaced. Chen says he is working with Apple on a fix for the issue.

More and more security issues are being found with Mac computers as they grow in popularity and become more appealing targets for hackers.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

RE: Props
By FaaR on 8/3/2009 11:15:33 AM , Rating: 3
"But this means that the keyboard itself is capable of storing keypresses. What possible purpose would that have?"

Presumably, so that USB bus contention would not cause you to miss keystrokes as you rapidly type away. Just an assumption on my part I admit, but it seems reasonable enough, no?


RE: Props
By Spivonious on 8/3/2009 1:22:31 PM , Rating: 4
Perhaps, but I'm sure that USB has an input buffer to handle devices trying to communicate simultaneously. Otherwise your camera would send down photos missing bits, or your wireless adapter would drop packets all the time.


RE: Props
By FaaR on 8/3/2009 1:36:28 PM , Rating: 3
USB has the capability to reserve bandwidth to streaming devices that need reliable transfers (video cameras, audio recording or playback devices and so on). A keyboard would not be considered so critical that bandwidth is reserved for it. So the buffer you speak of would thus be in the device itself. As is the case, as it turns out! :)


RE: Props
By Fritzr on 8/3/2009 10:12:20 PM , Rating: 2
Generically it is called a typeahead buffer. When you type faster than the system can accept keystrokes, the buffer fills, when the system accepts keystrokes faster than you type the buffer empties. Ideally it should never contain more than 1 char...the one currently being sent to the computer.

This hack creates a keylog buffer in the keyboard and then dumps it each time Enter is pressed. Most likely the chars sent to the Mac are copied to the keylog buffer. With this design all that is needed is writeable memory in the keyboard, the ability to patch the firmware (the hack) and the ability to "see" the keystroke being sent to the Mac.

No buffer required in keyboard unless the USB/Bluetooth occasionally delays enough to allow a typist to press keys faster than the connection can send them, but the design allows for one and this hack seems to add a line buffer to store the data being entered between carriage returns (Enter key).


"We’re Apple. We don’t wear suits. We don’t even own suits." -- Apple CEO Steve Jobs

Related Articles













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki