Apple Keyboard Firmware Hack Demonstrated 275
Anonymouse writes with this excerpt from SemiAccurate:
"Apple keyboards are vulnerable to a hack that puts keyloggers and malware directly into the device's firmware. This could be a serious problem, and now that the presentation and code (PDF) is out there, the bad guys will surely be exploiting it. The vulnerability was discovered by K. Chen, and he gave a talk on it at Black Hat this year (PDF). The concept is simple: a modern Apple keyboard has about 8K of flash memory, and 256 bytes of working RAM. For the intelligent, this is more than enough space to have a field day. ... The new firmware can do anything you want it to. Chen demonstrated code which, when you put in a password and hit return, starts playing back the last five characters typed in, LIFO. It is a rudimentary keylogger; a proof of concept more than anything else. Since there is about 1K of flash free in the keyboard itself, you can log quite a few keystrokes totally transparently."
What's next? (Score:3, Funny)
This is getting quite silly... Perhaps manufacturers should try to keep simple devices actually simple.
Yes, but does it run... (Score:4, Funny)
Coming soon to an enterprise near you (Score:5, Funny)
Mandatory 2k long passwords to defeat possible hardware loggers.
Changed monthly, of course.
Re:The Upside? (Score:1, Funny)
A key sequence that can be hit so it would hit the space bar every couple seconds.
This is so I can AFK in WoW BGs without getting booted, but still get honor and marks.
Re:Huh?? (Score:5, Funny)
Re:Flash memory in a keyboard? (Score:5, Funny)
Re:Old tech is the best tech. (Score:3, Funny)
Love the dumb comments on this thread. The army of ninja hackers will not be sneaking into houses tonight to backdoor all of the Apple keyboards in the world. The fact that it requires physical access to the keyboard makes it pretty close to useless except for public access sites and people who are cheating on their S.O. who happens to be a Black Hat hacker. I would suggest in the latter case you are hella screwed anyway.
Re:Flash memory in a keyboard? (Score:4, Funny)