A new hack that was demonstrated at
DEFCON 2009 doesn't attack the software of Apple computers, rather it
attacks the hardware.
Strangely it doesn't attack hardware
inside the computer, rather the attack focuses on Apple's USB
and Bluetooth keyboards. That means that once infected, the
keyboard can’t simply be repaired with a firmware update. The man
who devised the hack goes by K. Chen and says he goes by that name
because of fear that he would be harassed by Mac fans.
infected, the keyboard spits the text most recently typed in reverse
order back onto the screen of the computer each time the enter key is
pressed. The demonstration shows that the hardware attack is capable
of recording keystrokes and injecting them back to the host machine.
The key logging capability of the attack can also reportedly work
during the boot phase unlocking more hardware and encryption
When the keyboard is infected, it can be used to run
a bash connect back shell and then give the attacker full control
over the computer allowing a root kit to be installed. The level of
control is enough that the hacker could wait until the computer was
idle and then start the attack.
The exact weakness in the Mac
OS used to install the hack on the keyboard is unknown, but Chen says
that the code needed to execute the attack in under 100kb and takes
under 18 seconds to execute. Once infected the keyboard can’t be
fixed and would simply need to be replaced. Chen says he is working
with Apple on a fix for the issue.
More and more security
issues are being found with Mac computers as they grow in
popularity and become more appealing targets for hackers.
quote: Depending on how things work out (i.e. compensation), he could well change his name from K Cheng to Ka Ching.