Hackers Could Exploit Apple Keyboard

Addressing the Black Hat Conference, K. Chen, Security Researcher at the Georgia Institute of Technology, cyber criminals can hack or infect the sleek Mac keyboards of Apple. They could also install keystroke loggers and undetectable rootkits, as reported by ZDNet August 3, 2009.

The researcher has also discovered a new vector by which hackers could subvert the keyboard by inserting malicious code that enables a rootkit to survive as it reinstall the rootkit in the operating system.

According to Chen, malevolent code inserted in the firmware will be immune to a common rootkit detection technique that checks the integrity of the file-system, examine direct or hooks kernel object manipulation. Besides, it gives protection against hardware detection or timing discrepancies owing to virtualization in case of virtual-machine based rootkit.

Chen also revealed that the infected keyboard could be used to record keystrokes from any computer in which it is installed.

There are two methods by which this exploit could be perpetrated. First - if someone has the physical access to the machine and administrative password, second - if someone gains access to the machine by installing a rootkit remotely.

Now the question arises - if a hacker has full control on the system, then why he wants to do anything with the keyboard. The answer to this question is that an infected user could find solution of rootkit exploit and even resets the drive but the attacker could easily access the keyboard.

Moreover, the reason for taking over a keyboard by a firmware can be very dangerous because it can simply hold more than 1,000 keystrokes, Chen claims. This facilitates an exploiter to record anything a user types on the machine, including the administrative passwords.

With this, the attacker could do anything like disabling certain keys and destroying keyboard without any possibility of reflashing. This also includes the desktop keyboards of Apple along with the laptop keyboards. Chen also indicated that along with an unpatched machine, an attacker could exploit a Safari zero day exploit to cause damage to Apple keyboards.

Finally, the researcher states that Apple will hopefully patch the exploit soon.

Related article: Hackers Redirect Windows Live Search to Malicious Sites

» SPAMfighter News - 8/18/2009