Seriously, how safe is our keybaords?

Discussion in 'Mac Pro' started by UltraNEO*, Dec 12, 2009.

  1. UltraNEO* macrumors 601

    UltraNEO*

    Joined:
    Jun 16, 2007
    Location:
    近畿日本
    #1
    http://www.semiaccurate.com

    :eek: This really possible?
     
  2. cjmillsnun macrumors 68020

    Joined:
    Aug 28, 2009
    #2
  3. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
  4. richard.mac macrumors 603

    richard.mac

    Joined:
    Feb 2, 2007
    Location:
    51.50024, -0.12662
    #4
    doesnt it have to be done locally? i.e. hacker dude comes to your house and then installs vulnerable firmware on keyboard.
     
  5. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #5
    yup but what is to stop them from buying the keyboard, then selling a bunch on ebay? bada-bing bada-boom hello credit card details! (etc) ;)
     
  6. ranguvar macrumors 6502

    Joined:
    Sep 18, 2009
    #6
    Remember that one Java security hole that gave Java applets unrestricted access to your computer? It's as simple as running all the necessary code (patched firmware & gdb-stuff) through the JNI, and *PA-BOOM* your keyboard's compromised, completely remotely ;)

    And that's just an example, this probably applies to millions of security holes out there....
     
  7. J&JPolangin macrumors 68030

    Joined:
    Jul 5, 2008
    Location:
    Thule GL @ the TOW
  8. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #8
    a quick google doesnt seem to think so...

    *ps sorry for stalking!*
     
  9. J&JPolangin macrumors 68030

    Joined:
    Jul 5, 2008
    Location:
    Thule GL @ the TOW
    #9
    :eek::rolleyes::eek:
     
  10. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #10
    Consider this: For a remote exploit, the attacker must be able to download and run code on your Macintosh that will upgrade the keyboard firmware. If the attacker can download and run code to upgrade the keyboard firmware, they can download and run code to do anything.

    So we have two facts: 1. A person with physical access to your computer can install a keylogger by changing the firmware on your keyboard. That person can much easier install a key logger that will work with any keyboard, not just an Apple one, by installing a tiny bit of hardware between the USB cable of the keyboard and the USB port on your computer.

    2. A hacker who can convince your computer to download and run software on your computer can do anything. But they can't convince your computer to download and run software on your computer, and if they can, then the keyboard is the last of your worries.

    3. A danger is that a hacker with access to your computer could install this on his own keyboard at home, then go to your machine and swap keyboards. They would still need a way to extract the information, so they would have to come back to your machine. And again, there are physical key loggers.

    Summary: If Macs are vulnerable to viruses, then we have problems. And there are much worse things that a virus can do than installing a key logger. And if some malicious person has physical access to your Mac, then you have a problem, but this key logger in the Mac firmware is the smallest of your worries.
     
  11. TuffLuffJimmy macrumors G3

    TuffLuffJimmy

    Joined:
    Apr 6, 2007
    Location:
    Portland, OR
    #11
    Or the virus from visiting a malicious site could also install a keylogger to the keyboard. So if you discover your virus and you format the drive the malware will still be in your keyboard and immediately compromise your machine and any computer you ever connect that keyboard to.
     
  12. designgeek macrumors 65816

    designgeek

    Joined:
    Jan 30, 2009
    Location:
    "Town"
    #12
    Only if you're dumb enough to download the firmware hack.
     
  13. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #13
    or be unlucky enough to purchase a bad keyboard.
     
  14. designgeek macrumors 65816

    designgeek

    Joined:
    Jan 30, 2009
    Location:
    "Town"
    #14
    Yeah, I guess worst case scenario is that the hack would be put on used boards and then sold on ebay. Then some unsuspecting person would buy it and long story short the zombies attack and the world ends.;)
     
  15. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #15
    just saw zombieland, so nice one! (dreams)

    but seriously this could end up being a pretty massive scam. especially if the buyers were popular and waited until they sold thousands of keyboards.
     
  16. 300D macrumors 65816

    300D

    Joined:
    May 2, 2009
    Location:
    Tulsa
    #16
    None of you have anything worth keylogging.

    If you do, a smart user wouldn't be using anything wireless to transmit sensitive information.
     
  17. Spacedust macrumors 6502a

    Joined:
    May 24, 2009
    Location:
    Poland
    #17
    I'm using Logitech Illuminated Keyboard so I'm safe ;) Nothing to flash here.

    It's the best keyboard for Mac Pro !
     
  18. goMac macrumors 603

    Joined:
    Apr 15, 2004
    #18
    Except you have to have physical access to get the data back out. It's not like the keyboard has an internet connection.
     
  19. DoFoT9 macrumors P6

    DoFoT9

    Joined:
    Jun 11, 2007
    Location:
    Singapore
    #19
    wireless? this can happen with wired keyboards too.

    and sensitive information is different for each person. bank logon details are pretty important to me!

    nope but the computer its connected to would!
     
  20. ricof macrumors member

    Joined:
    Nov 29, 2009
    Location:
    The Garden of England
    #20
    Not to sound obtuse, but...credit card details, bank details and other sensitive information?
     
  21. lbodnar macrumors regular

    Joined:
    Jan 5, 2004
    Location:
    UK
    #21
    Keyboard accumulates critical information and deliberately stops working. It would then be naturally returned to the seller for a [non-hacked] replacement.
     
  22. MacVidCards Suspended

    Joined:
    Nov 17, 2008
    Location:
    Hollywood, CA
    #22
    do we REALLY have nothing better to worry about?
     
  23. UltraNEO* thread starter macrumors 601

    UltraNEO*

    Joined:
    Jun 16, 2007
    Location:
    近畿日本
    #23
    Those are very interesting points but what is there stopping someone at, say a university technician, hacking it's keyboard and in an attempt of collecting private information? Then later, some student coming along and using that key-logged enabled keyboard for access his/her bank account? Surely that's a security risk right there!!

    and... what if that key-logged keyboard finding it's way to ebay?

    Apple.. please fix this flaw.



    BTW... Why does our keyboard need firmware?
    It's a keyboard, just give it a cheap microprocessor and leave it at that!
     
  24. CaptainChunk macrumors 68020

    CaptainChunk

    Joined:
    Apr 16, 2008
    Location:
    Phoenix, AZ
    #24
    I always thought it was pretty silly, too. The first thin aluminum Apple keyboard I bought (replacement for a broken Pro keyboard that came with my white C2D iMac) wanted to do a firmware update almost immediately after I plugged it for the first time. Firmware for a keyboard? What for?

    My only real guess would be that it's needed for the 2nd functions to work on the Fx keys, which were rearranged a bit from the previous generation keyboard. But I could be totally wrong. I'm only speculating. Even so, it still seems that this could be handled with a simple microprocessor.
     
  25. lbodnar macrumors regular

    Joined:
    Jan 5, 2004
    Location:
    UK
    #25
    Any keyboard had a microprocessor running its own firmware since first IBM PC days almost 30 years ago. The only difference today is that flash based microprocessors first became available and then cheap enough so that few OEMs bother to order mask-ROM parts anymore because 1) you need to order a lot of them at once and 2) they will be obsolete within a year. For an engineer not to leave himself a second chance of saving his design from a bug discovered after it hit production is too precious to pass by.

    It's a rubbish news. With same effect one can implant bad code into a hard drive, wireless card, DVD drive, network router, USB stick and even SMC controller - they all run their own firmware.
     

Share This Page