Ohm

Apple keyboards hacked

14 posts in this topic

http://www.semiaccurate.com/2009/07/31/apple-keyboard-firmware-hack-demonstrated/

There's such a thing as being too smart. Why is it even possible to get to the firmware on a USB keyboard? It's a keyboard. It should just work. The fact that malware and embed a keylogger inside the keyboard (USB keyboard or laptop keyboard) is just scary. This is also an argument for variety in hardware. Even if all USB keyboards were flashable, if everyone had a variety of models, it would make it very difficult for malware to target them all.

But you really shouldn't be able to flash the firmware on your keyboard. Pretty stupid on Apple's part. Much of the "security" in OSX seems to be "it's hidden because we haven't told anyone about it, therefor it's secure because no one will look there."

1

Share this post


Link to post
Share on other sites

http://www.semiaccurate.com/2009/07/31/apple-keyboard-firmware-hack-demonstrated/

Much of the "security" in OSX seems to be "it's hidden because we haven't told anyone about it, therefor it's secure because no one will look there."

I thought people had learned their lessons on security through obscurity by now. :blush:

-1

Share this post


Link to post
Share on other sites

http://www.semiaccur...k-demonstrated/

Much of the "security" in OSX seems to be "it's hidden because we haven't told anyone about it, therefor it's secure because no one will look there."

I thought people had learned their lessons on security through obscurity by now. :blush:

"a modern Apple keyboard has about 8K of flash memory, and 256 bytes of working ram. For the intelligent, this is more than enough space to have a field day"

Modern.

Modern.

PowerPc's are not so modern any more.

-1

Share this post


Link to post
Share on other sites

PowerPc's are not so modern any more.

Which is why the Xbox 360, PS3 (in a sense) and Wii use them? Apple also hasn't used the PPC in a while now, so what are you talking about?

The keyboard itself runs on a microcontroller of some sort. Maybe even something familiar like a PIC or AVR. Probably something they could integrate into their own chip design though.

0

Share this post


Link to post
Share on other sites

PowerPc's are not so modern any more.

Which is why the Xbox 360, PS3 (in a sense) and Wii use them? Apple also hasn't used the PPC in a while now, so what are you talking about?

The keyboard itself runs on a microcontroller of some sort. Maybe even something familiar like a PIC or AVR. Probably something they could integrate into their own chip design though.

He was referring to the topic "Security through obscurity"

And I was referring to the Powerpc Apple that was discussed within this topic.

Edited by R4p1d
-1

Share this post


Link to post
Share on other sites

What PowerPC Apple?

0

Share this post


Link to post
Share on other sites

What PowerPC Apple?

The ones that Apple made.

-1

Share this post


Link to post
Share on other sites

What PowerPC Apple?

The ones that Apple made.

Noone but you have mentioned Powerpcs. Not even the article linked. Powerpc laptops all used ADB keyboards, while the external keyboard in the link is a recent, post-Intel transition keyboard.

And yes, PowerPCs are modern, like the PS3 Cell/G5 chip.

~

Personally, this hack could work both ways. By being able to change the firmware, you can create hardware based shortcuts and macros. Think WoW macros without detected software api hooking shortcut production. Change the keycode sent by a certain key to reflect a desired change. Press Alt three times rapidly and you can make diablo2 show the name of all dropped items without having to hold in alt. Change the Alt/Windows key to Command/Option key on a individual keyboard basis (haven't been able to find a program that allows that yet). Auto type a long string when pressing a certain combination, and being able to do this without wasting resources, and on any computer you move the keyboard to.

Wonder if this works for the apple bluetooth keyboards.

-1

Share this post


Link to post
Share on other sites

http://www.semiaccurate.com/2009/07/31/apple-keyboard-firmware-hack-demonstrated/

There's such a thing as being too smart. Why is it even possible to get to the firmware on a USB keyboard? It's a keyboard. It should just work. The fact that malware and embed a keylogger inside the keyboard (USB keyboard or laptop keyboard) is just scary. This is also an argument for variety in hardware. Even if all USB keyboards were flashable, if everyone had a variety of models, it would make it very difficult for malware to target them all.

But you really shouldn't be able to flash the firmware on your keyboard. Pretty stupid on Apple's part. Much of the "security" in OSX seems to be "it's hidden because we haven't told anyone about it, therefor it's secure because no one will look there."

Why shouldn't you be able to flash the keyboard firmware? Keyboards are like any other peripheral that could use an update. Mice, external drives, bluetooth adaptors, wifi adaptors, mp3 players, even usb hubs. Any device could use extra features or bug fixes. The only stupid part would be the plain text updating, but considering the hacking and userbility aspects, allowing custom code could be a plus (Like I said, custom hardware macros on cheap standard keyboards instead of expensive gaming keyboards) . Look at how people enjoyed and made use of adding services to commercial NAS devices, like the Linksys Slug, which where eventually added to other commercial devices (Bittorrent, multi-OS sharing services, web access, shell access). Or even the older ipods and unencrypted firmware allowing the installation of linux on them. Encryption just limits what a regular use can do with them.

Honestly, this isn't like regular security through obscurity. More like, "wait, you can hack keyboards? WTF would have even thought of that??"

-1

Share this post


Link to post
Share on other sites

http://www.semiaccur...k-demonstrated/

Much of the "security" in OSX seems to be "it's hidden because we haven't told anyone about it, therefor it's secure because no one will look there."

I thought people had learned their lessons on security through obscurity by now. :blush:

What PowerPC Apple?

The ones that Apple made.

Noone but you have mentioned Powerpcs. Not even the article linked. Powerpc laptops all used ADB keyboards, while the external keyboard in the link is a recent, post-Intel transition keyboard.

And yes, PowerPCs are modern, like the PS3 Cell/G5 chip.

~

Personally, this hack could work both ways. By being able to change the firmware, you can create hardware based shortcuts and macros. Think WoW macros without detected software api hooking shortcut production. Change the keycode sent by a certain key to reflect a desired change. Press Alt three times rapidly and you can make diablo2 show the name of all dropped items without having to hold in alt. Change the Alt/Windows key to Command/Option key on a individual keyboard basis (haven't been able to find a program that allows that yet). Auto type a long string when pressing a certain combination, and being able to do this without wasting resources, and on any computer you move the keyboard to.

Wonder if this works for the apple bluetooth keyboards.

I was commenting on Tekio's comment, thanks.

http://www.binrev.com/forums/index.php?showtopic=40786&st=0&p=335040entry335040

-1

Share this post


Link to post
Share on other sites

http://www.semiaccurate.com/2009/07/31/apple-keyboard-firmware-hack-demonstrated/

Much of the "security" in OSX seems to be "it's hidden because we haven't told anyone about it, therefor it's secure because no one will look there."

I thought people had learned their lessons on security through obscurity by now. :blush:

Linking to a months old thread, while referring to Tekio's comment in this thread that has no mention of ppc? O_o

0

Share this post


Link to post
Share on other sites

http://www.semiaccur...k-demonstrated/

Much of the "security" in OSX seems to be "it's hidden because we haven't told anyone about it, therefor it's secure because no one will look there."

I thought people had learned their lessons on security through obscurity by now. :blush:

I was commenting on Tekio's comment, thanks.

http://www.binrev.co...40entry335040

Linking to a months old thread, while referring to Tekio's comment in this thread that has no mention of ppc? O_o

Tekio's comment was based around our argument in that thread.

The keyboards that came with Apples PPC's are not modern, which makes Tekio's comment null.

Understand now? :huh:

-1

Share this post


Link to post
Share on other sites

Tekio's comment was based around our argument in that thread.

The keyboards that came with Apples PPC's are not modern, which makes Tekio's comment null

Perhaps it was confusing because I unintentionally quoted the link, but was referring to ohm's comment in regards to OS X, and Apple's implied security practices around the O/S.

EDIT:

"Much of the "security" in OSX seems to be "it's hidden because we haven't told anyone about it, therefor it's secure because no one will look there."

Edited by tekio
0

Share this post


Link to post
Share on other sites

...

But you really shouldn't be able to flash the firmware on your keyboard. Pretty stupid on Apple's part. Much of the "security" in OSX seems to be "it's hidden because we haven't told anyone about it, therefor it's secure because no one will look there."

Absolutely right. The keyboard is automatically trusted by Apple's system. If they were going to do something like this then they should have some type of security to check for non-apple alterations. The only reason that they didn't do that is because like you said they think its secure because no one would ever be clever enought to figure that out...right. Driver hacking is so Windows 95. Although this wasn't a driver hack directly apple is using the firmware to do what the Driver should be doing. Plus, this only adds to the cost of the board and bloats the system. Keyboard technology is as standard as standard could be...why waste resources on this.

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now