Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Keyboard Firmware Hack Demonstrated

Posted by Soulskill on from the qwerty's-revenge dept.

Anonymouse writes with this excerpt from SemiAccurate: "Apple keyboards are vulnerable to a hack that puts keyloggers and malware directly into the device's firmware. This could be a serious problem, and now that the presentation and code (PDF) is out there, the bad guys will surely be exploiting it. The vulnerability was discovered by K. Chen, and he gave a talk on it at Black Hat this year (PDF). The concept is simple: a modern Apple keyboard has about 8K of flash memory, and 256 bytes of working RAM. For the intelligent, this is more than enough space to have a field day. ... The new firmware can do anything you want it to. Chen demonstrated code which, when you put in a password and hit return, starts playing back the last five characters typed in, LIFO. It is a rudimentary keylogger; a proof of concept more than anything else. Since there is about 1K of flash free in the keyboard itself, you can log quite a few keystrokes totally transparently."

8 of 275 comments (clear)

  1. What's next? by psYchotic87 · · Score: 3, Funny

    Laptop charger hack demonstrated?
    This is getting quite silly... Perhaps manufacturers should try to keep simple devices actually simple.

  2. Yes, but does it run... by TheRaven64 · · Score: 3, Funny

    ...Contiki?

    --
    I am TheRaven on Soylent News
  3. Coming soon to an enterprise near you by SuperKendall · · Score: 4, Funny

    Mandatory 2k long passwords to defeat possible hardware loggers.

    Changed monthly, of course.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  4. Re:The Upside? by Anonymous Coward · · Score: 1, Funny

    A key sequence that can be hit so it would hit the space bar every couple seconds.

    This is so I can AFK in WoW BGs without getting booted, but still get honor and marks.

  5. Re:Huh?? by ettlz · · Score: 4, Funny

    Probably unimplemented DRM. By forming a secure input path, it furnishes printed material content protection --- by stopping you from typing it in.

  6. Re:Flash memory in a keyboard? by ColdWetDog · · Score: 4, Funny

    Yeah, he should wait 24 hours and repost the whole article. That works way better around here.

    --
    Faster! Faster! Faster would be better!
  7. Re:Old tech is the best tech. by slyborg · · Score: 2, Funny

    Love the dumb comments on this thread. The army of ninja hackers will not be sneaking into houses tonight to backdoor all of the Apple keyboards in the world. The fact that it requires physical access to the keyboard makes it pretty close to useless except for public access sites and people who are cheating on their S.O. who happens to be a Black Hat hacker. I would suggest in the latter case you are hella screwed anyway.

  8. Re:Flash memory in a keyboard? by TheRaven64 · · Score: 3, Funny

    That only works if you call yourself an 'editor'.

    --
    I am TheRaven on Soylent News