2nd August 2009, 12:01 PM #1
haha @ apple
Just to reverse the trend of last week's little fun at Microsoft's expense, here's an exploit to insert keyloggers into Apple keyboards. You've gotta get Apple hardware!!
SemiAccurate :: News for the Everygeek
http://www.blackhat.com/presentation...Firm-PAPER.pdf
-
-
2nd August 2009, 12:07 PM #2 This is so Apple, they bundle everything with their computers, viruses with iPods, keyloggers with keyboards. What next?
-
-
2nd August 2009, 12:12 PM #3 This is scary stuff, very scary.
-
-
2nd August 2009, 12:23 PM #4 
Originally Posted by
kmount
This is scary stuff, very scary.
Fear is multiplied by the amount of Macs you have and multiplied again by the integration with your network services.
-
-
2nd August 2009, 12:46 PM #5 While the method is impressive, is it ever going to be easier for the hacker than using a traditional keylogger program?
I'm slightly sceptical!
-
-
2nd August 2009, 12:55 PM #6 
Originally Posted by
Batman
While the method is impressive, is it ever going to be easier for the hacker than using a traditional keylogger program?
Traditional keylogger requires physical access. Depends if that is easier or not.
-
-
2nd August 2009, 01:23 PM #7 All USB keyboards are vulnerable. The blame here rests on the USB Device Firmware Update Specification [usb.org], which specifies how firmware updates are supposed to work. Hint: there's no security. The only reason this makes news at all is because it has the word "Apple" in the title.
Spec compliant, secure: choose one. USB was designed for single user computers without security in mind. The only way to solve this (partially) with existing hardware would be to block access to hardware devices from applications running as non-root users, which is fundamentally contrary to the desire to get device drivers out of the kernel for stability. Short of that, this can only be solved by putting a more powerful CPU in the keyboard controller so that it can do a signature check on its own firmware.
-
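An added example, not part of the thread or of the Slashdot comment it reposts: the post above blames the USB Device Firmware Update mechanism and names blocking non-root access to devices as a partial fix. This Python script inventories, on Linux, the USB interfaces that advertise the standard DFU descriptor and reports whether their device node is writable by group or other. It assumes the usual sysfs and /dev/bus/usb layout, and it does not detect vendor-specific update paths that do not advertise DFU.

```python
import os
import stat

# USB DFU: application-specific class 0xFE, subclass 0x01;
# protocol 0x01 = run-time (normal operation), 0x02 = DFU mode.
DFU_CLASS, DFU_SUBCLASS = 0xFE, 0x01
DFU_PROTOCOL = {0x01: "runtime", 0x02: "dfu-mode"}

def _attr(*parts):
    """Read one sysfs attribute; return '' if it is missing or unreadable."""
    try:
        with open(os.path.join(*parts)) as fh:
            return fh.read().strip()
    except OSError:
        return ""

def find_dfu_interfaces(sysfs_root="/sys/bus/usb/devices", dev_root="/dev/bus/usb"):
    """List USB interfaces advertising DFU and whether non-root can write the node."""
    findings = []
    entries = sorted(os.listdir(sysfs_root)) if os.path.isdir(sysfs_root) else []
    for entry in entries:
        if ":" not in entry:              # interfaces are named like "1-2:1.0"
            continue
        try:
            cls, sub, proto = (int(_attr(sysfs_root, entry, name), 16) for name in
                               ("bInterfaceClass", "bInterfaceSubClass", "bInterfaceProtocol"))
        except ValueError:                # attribute absent: not a usable interface
            continue
        if (cls, sub) != (DFU_CLASS, DFU_SUBCLASS):
            continue
        dev = entry.split(":")[0]         # parent device directory, e.g. "1-2"
        node = os.path.join(dev_root, _attr(sysfs_root, dev, "busnum").zfill(3),
                            _attr(sysfs_root, dev, "devnum").zfill(3))
        try:                              # group/other write = reachable without root
            writable = bool(os.stat(node).st_mode & (stat.S_IWGRP | stat.S_IWOTH))
        except OSError:
            writable = None               # device node not found
        findings.append({
            "interface": entry,
            "vid_pid": f'{_attr(sysfs_root, dev, "idVendor")}:{_attr(sysfs_root, dev, "idProduct")}',
            "mode": DFU_PROTOCOL.get(proto, "unknown"),
            "node": node,
            "non_root_writable": writable,
        })
    return findings

if __name__ == "__main__":
    for finding in find_dfu_interfaces():
        print(finding)
```

A `non_root_writable` value of `True` marks a device whose access rules (for example its udev rule) are worth tightening.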
-
2nd August 2009, 01:26 PM #8 
Originally Posted by
mac_shinobi
All USB keyboards are vulnerable. The blame here rests on the
USB Device Firmware Update Specification [usb.org], which specifies how firmware updates are supposed to work. Hint: there's no security. The only reason this makes news at all is because it has the word "Apple" in the title.
Spec compliant, secure: choose one. USB was designed for single user computers without security in mind. The only way to solve this (partially) with existing hardware would be to block access to hardware devices from applications running as non-root users, which is fundamentally contrary to the desire to get device drivers out of the kernel for stability. Short of that, this can only be solved by putting a more powerful CPU in the keyboard controller so that it can do a signature check on its own firmware.
A link to this post in its original context - Slashdot Comments | Apple Keyboard Firmware Hack Demonstrated
Should prove interesting in the next few days how this unfolds beyond Apple if such devices are as susceptible.
-
-
2nd August 2009, 04:18 PM #9 
Originally Posted by
mac_shinobi
All USB keyboards are vulnerable. The blame here rests on the
USB Device Firmware Update Specification [usb.org], which specifies how firmware updates are supposed to work. Hint: there's no security. The only reason this makes news at all is because it has the word "Apple" in the title.
Spec compliant, secure: choose one. USB was designed for single user computers without security in mind. The only way to solve this (partially) with existing hardware would be to block access to hardware devices from applications running as non-root users, which is fundamentally contrary to the desire to get device drivers out of the kernel for stability. Short of that, this can only be solved by putting a more powerful CPU in the keyboard controller so that it can do a signature check on its own firmware.
The guy beneath that says most don't have upgradable firmware. The fact nearly all Apple OS users will have one of these makes it easier to target than random luck of finding a Windows keyboard that lets it be exploited.
-
-
2nd August 2009, 06:13 PM #10 
Originally Posted by
Theblacksheep
Traditional keylogger requires physical access. Depends if that is easier or not.
Nonsense... there must be trojans which can do that, surely?!
-
-
2nd August 2009, 06:34 PM #11 Can't quite see how the firmware can be remotely compromised without some kind of user interaction, especially if the HIDFirmwareUpdaterTool has to run and no info is given on how a remote attacker might get access to the logged info remotely.
-
-
2nd August 2009, 06:36 PM #12 Video on YouTube; funnily enough, they were using Windows and Notepad
YouTube - Apple keyboard with evil firmware can root any computer: http://www.youtube.com/watch?v=_81lHJQpc_Y
What would you do if it was a Logitech keyboard? Run for the hills?
Also it's only 5 characters so not sure if that could be increased?
Last edited by mac_shinobi; 2nd August 2009 at 06:39 PM.
-
-
3rd August 2009, 01:22 AM #13 
Originally Posted by
Tallwood_6
Can't quite see how the firmware can be remotely compromised without some kind of user interaction, especially if the HIDFirmwareUpdaterTool has to run and no info is given on how a remote attacker might get access to the logged info remotely.
The only reason they needed to demonstrate it this way is because of legal concerns. If they had compromised it any other way they would have been breaking DMCA laws and Apple would have had them eaten by their pet lawyers. This is the same company who sues people for finding bugs in their software and sues clients who get too talkative about product faults.
Apple tries to silence owner of exploding iPod with gagging order
Apple attempted to silence a father and daughter with a gagging order after the child’s iPod music player exploded and the family sought a refund from the company.
The Times has learnt that the company would offer the family a full refund only if they were willing to sign a settlement form. The proposed agreement left them open to legal action if they ever disclosed the terms of the settlement.
The case echoes previous circumstances in which Apple attempted to hush up incidents when its devices overheated.
This exploit can be performed in a much easier way by just transparently uploading a new firmware into the keyboard. This would have required them to crack the encryption directly, not difficult but illegal under US law so they chose this method to display it. Actual criminals are not concerned with this though and can do it in more devious ways.
Given the onboard memory capacity of the keyboard, 1KB, there is the possibility to store up to 1000 characters in the keyboard's memory without having to offload any of it to the system.
Other systems like laptops of almost all brands offer built reprogrammable keyboards, just update the BIOS on an old HP to see this in action. The difference is that this reprogramming is done directly by the BIOS and brings up a message alerting the user. As it is not a USB system this exploit should not be possible. There are also so many differing versions that targeting it would be non-trivial.
Apple's closed environment allows for targeted attacks to be more successful as you are talking about tens of devices not thousands.
If this flaw was shown to affect Logitech devices there would still be concern and publicity but it is easier to swap out an external Logitech KB while the issue is fixed than an integrated laptop keyboard. As yet this flaw has not been seen to be exploited in the wild but there is still the possibility, especially with the code available. On a positive note Apple usually does patch these things once they have been rubbed in their faces.
Last edited by SYNACK; 3rd August 2009 at 05:15 AM.
-
-
4th August 2009, 05:10 PM #14 
Originally Posted by
SYNACK
Apple's closed environment allows for targeted attacks to be more successful as you are talking about tens of devices not thousands.
If this flaw was shown to affect Logitech devices there would still be concern and publicity but it is easier to swap out an external Logitech KB while the issue is fixed than an integrated laptop keyboard. As yet this flaw has not been seen to be exploited in the wild but there is still the possibility, especially with the code available. On a positive note Apple usually does patch these things once they have been rubbed in their faces.
Rubbed in their faces to Apple means the front page of the BBC news site, not some kid at a hacker conference! I mean, look at the denial, it must be deafening at Apple!
Still, instead of paying £50 for a new vulnerable iMac keyboard from Apple, I bet you can get some cheap ones on eBay at the moment!
-
-
4th August 2009, 05:14 PM #15 
Originally Posted by
Theblacksheep
Still, instead of paying £50 for a new vulnerable iMac keyboard from Apple, I bet you can get some cheap ones on eBay at the moment!
You mean to say Logitech and other brands of keyboards are cheap and crud?
Am sure Logitech top of the line equipment can't be less than £50
I had the MX5000 desktop set (keyboard and mouse) for my P4 desktop machine and that was £80 something and is still great but just not compatible with my Mac because of the encryption and Logitech didn't make drivers / software for it
-