August 3rd, 2009
Hacker demos persistent Mac keyboard attack
Posted by Ryan Naraine @ 8:55 am

Apple’s sleek $49 Mac keyboards can be hacked and infected with keystroke loggers and impossible-to-detect rootkits, according to a security researcher presenting at this year’s Black Hat/DEFCON conferences.


The researcher, known only as “K. Chen,” found a way to reverse engineer and tamper with the keyboard’s firmware upgrade. With the firmware under control, an attacker can subvert the keyboard by embedding malicious code that allows a rootkit to survive a clean re-installation of the host operating system.

Chen, from the Georgia Institute of Technology, said malicious code embedded into the firmware would be immune to the typical rootkit detection methods which examine the integrity of the filesystem, check for hooks or direct kernel object manipulation, or detect hardware and/or timing discrepancies due to virtualization in the case of a virtual-machine based rootkit.

“Such code could also completely bypass the remote attestation of a Trusted Platform Module, if one were present in the computer. As far as everybody is concerned, our [malicious keyboard] code is simply the user typing commands at the keyboard,” he explained.

Chen said a malicious keyboard can be used to snoop on keystrokes from any machine it is plugged into.

Here’s a technical paper discussing the keyboard firmware attack. In the video below, Chen demonstrates the attack for George Ou.