Apple Keyboards Can Be Hacked, Proof-of-concept Already Showcased
When you think of computer security, the usual threats normally come to mind, things like viruses, Trojans, spyware, spam, malware and so on. The topic rarely focuses on a computer’s keyboard, unless of course you have keyloggers in mind. This year, at the Defcon conference in Las Vegas, a security researcher from the Georgia Institute of Technology known to us only by his nickname, K. Chen, showed the world that the Apple Keyboard poses a security threat to the Mac user.
The security researcher showcased a means of infecting the Apple Keyboard’s firmware, thus granting the attacker complete control over the targeted machine – that would be your beloved Mac. But wait, it gets better. Since the code is nestled comfortably in the keyboard, formatting the Mac’s hard drive will not get solve the problem. The only viable solution, explained K. Chen, is to throw away the infected keyboard and get another.
“Such code could also completely bypass the remote attestation of a Trusted Platform Module, if one were present in the computer. As far as everybody is concerned, our [malicious keyboard] code is simply the user typing commands at the keyboard,” explained K. Chen.
A detailed technical paper describing how an Apple Keyboard can be compromised is available here (PDF warning).
A video demonstrating the attack on an Apple Keyboard is available on YouTube here.
It’s not just the hardware that raises security questions, it is the Mac itself. For the time being attacks on Macs are very rare and security is something that Mac users take quite lightly, According to Charlie Miller, the security expert that recently uncovered the critical iPhone SMS vulnerability, and Dai Zovi, security researcher that co-authored “The Mac Hacker’s Security Handbook” alongside Miller, this is all due to change in the future. As Apple gains more market share, the Mac is will become a tempting target to hackers. And once hackers take Macs seriously and put in the resources to target them, you can expect Macs to become as vulnerable as Windows machines are now.
The security researcher showcased a means of infecting the Apple Keyboard’s firmware, thus granting the attacker complete control over the targeted machine – that would be your beloved Mac. But wait, it gets better. Since the code is nestled comfortably in the keyboard, formatting the Mac’s hard drive will not get solve the problem. The only viable solution, explained K. Chen, is to throw away the infected keyboard and get another.
“Such code could also completely bypass the remote attestation of a Trusted Platform Module, if one were present in the computer. As far as everybody is concerned, our [malicious keyboard] code is simply the user typing commands at the keyboard,” explained K. Chen.
A detailed technical paper describing how an Apple Keyboard can be compromised is available here (PDF warning).
A video demonstrating the attack on an Apple Keyboard is available on YouTube here.
It’s not just the hardware that raises security questions, it is the Mac itself. For the time being attacks on Macs are very rare and security is something that Mac users take quite lightly, According to Charlie Miller, the security expert that recently uncovered the critical iPhone SMS vulnerability, and Dai Zovi, security researcher that co-authored “The Mac Hacker’s Security Handbook” alongside Miller, this is all due to change in the future. As Apple gains more market share, the Mac is will become a tempting target to hackers. And once hackers take Macs seriously and put in the resources to target them, you can expect Macs to become as vulnerable as Windows machines are now.
