Apple keyboards are vulnerable to hackers

mr_fishbulb

thescouselander wrote: »

Thats all very well but how would this hack be used in a practical sense. Presumably you would have to have physical access to the keyboard

You wouldn't need physical access to upgrade the firmware on the keyboard.

isofa

kwikbreaks wrote: »

Of course the encryption could be broken but the fact remains that it is easier to hack wired keyboards than bluetooth ones so "Far more at risk is someone with a PC, Mac or any other type of wireless keyboard transmitting over blue-tooth" is incorrect.

I totally disagree, wireless connections are much easier to break into than anything else. This have been proven by industry professionals, Cambridge academics and everyone in between. I'd be interested to read your opposing facts to these experts.

Your statement is utterly incorrectly from my view as someone in the industry and with more than a passing knowledge of this subject matter.

kwikbreaks

Well bluetooth uses reasonably secure encryption but there is no encryption at all with a wired keyboard and you were the one who first mentioned that it is possible to pick up those signals not me so go figure.

thescouselander

mr_fishbulb wrote: »

You wouldn't need physical access to upgrade the firmware on the keyboard.

Well I suppose there are two ways

1) Get physical acccess and change the firmware
2) Change the firmware by running some code on the host computer


If you have gone to the trouble of option 2 (bypassing the other security features on OSX) you could have done all sorts of other, more effective, things instead messing about with the keyboard.

Whats the point I say.

Also you would need another piece of malware in the host machine to interrogate the keyboard and forward the information on. If this is already there why not run the keylogger as part of this application too.

macman

Marty_J wrote: »

The user would have to download a keyboard firmware update (from someone who isn't Apple). The malware would then live in the keyboard's memory.

The last line of the report is quite telling: "many other devices have firmware update mechanisms that we believe can also be exploited by attackers for malicious purposes".

This seems to be a problem shared by many devices with firmware that can be updated, and it's not confined to Apple keyboards.

Presumably they choose an Apple keyboard because then it'll hit the headlines. An article called "Microsoft security problem found" wouldn't really be news.

Nice one Marty. :rotfl::rotfl::rotfl:

isofa

kwikbreaks wrote: »

Well bluetooth uses reasonably secure encryption but there is no encryption at all with a wired keyboard and you were the one who first mentioned that it is possible to pick up those signals not me so go figure.

A knowledgeable person with a laptop and software can crack bluetooth (if he's close enough) and WEP WiFi encryption. Bluetooths security "strength" doesn't rely on uncrackable encryption, but instead on the shortwave nature of transmission.

A knowledgeable IT/engineering student with a few high powered graphics cards running a rig can crack WPA if he knows what he's doing.

To pickup electronic signals from a wired keyboard (I'm not talking about the OP firmware crack), but a completely standard wired keyboard, requires an enormous amount of skill coupled with hundreds, if not millions of pounds worth of sensitive equipment. It's near to impossible without these combined items.
I mentioned this earlier to just show than anything is breakable if you have the tools, there is no such thing as 100% security.

I'm fortunate to have seen a few of these techniques demonstrated in an IT forensics demo.

Therefore, in my opinion, backed by a little research, wired keyboards are the most secure. Anything wired is always more secure that wireless, providing basic security measures are considered.

So, as you so eloquently put it, "go figure". :rolleyes: