Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Keyboard Firmware Hack Demonstrated

Posted by Soulskill on from the qwerty's-revenge dept.

Anonymouse writes with this excerpt from SemiAccurate: "Apple keyboards are vulnerable to a hack that puts keyloggers and malware directly into the device's firmware. This could be a serious problem, and now that the presentation and code (PDF) is out there, the bad guys will surely be exploiting it. The vulnerability was discovered by K. Chen, and he gave a talk on it at Black Hat this year (PDF). The concept is simple: a modern Apple keyboard has about 8K of flash memory, and 256 bytes of working RAM. For the intelligent, this is more than enough space to have a field day. ... The new firmware can do anything you want it to. Chen demonstrated code which, when you put in a password and hit return, starts playing back the last five characters typed in, LIFO. It is a rudimentary keylogger; a proof of concept more than anything else. Since there is about 1K of flash free in the keyboard itself, you can log quite a few keystrokes totally transparently."

3 of 275 comments (clear)

  1. Coming soon to an enterprise near you by SuperKendall · · Score: 4, Funny

    Mandatory 2k long passwords to defeat possible hardware loggers.

    Changed monthly, of course.

    --
    "There is more worth loving than we have strength to love." - Brian Jay Stanley
  2. Re:Huh?? by ettlz · · Score: 4, Funny

    Probably unimplemented DRM. By forming a secure input path, it furnishes printed material content protection --- by stopping you from typing it in.

  3. Re:Flash memory in a keyboard? by ColdWetDog · · Score: 4, Funny

    Yeah, he should wait 24 hours and repost the whole article. That works way better around here.

    --
    Faster! Faster! Faster would be better!