With a bit of work, the firmware of some Apple keyboards (A keyboard with open programmable firmware? That’s a big mistake.) can be hacked so that the bad guys can have complete control over the system, recording your keystrokes, reinfect the computer if the hard drive is wiped, etc… . In other words, really bad news.
It makes me wonder if other keyboards that features any sort of programmable features could potentially have an issue like this. Scary stuff, indeed.
(Yes, that headline was intentionally written to incite the fan boys. Just relax, it’s a joke, as there are plenty of good reasons for each platform, I know that.)
Comments
Sorry Jake, you can’t just duck the pushback by pulling the “it’s a joke” card. To pick an extreme example, if someone publishes a racial slur, will he get a free pass if he just adds a footnote that it was just a joke?
In any case, regarding the keyboard hack… Did you catch the qualifier that the technique required an already rooted computer? In other words, the Mac needs to be first pwned via some other vulnerability. So the hack is cute but hardly worth getting one’s panties in a bunch over. If your computer has been rooted, you’re already totally screwed… the keyboard hack would be just an extra layer of pain to add to your troubles.
Perhaps it’s just the anti-Mac sensibilities of the reporter showing but the prejudical claim that firmware was left open because of Apple’s “tendency to rush hardware to market” appears to be asserted without evidence. It’s pretty common for Apple to issue firmware updates as new hardware features are developed and bugs are fixed and Apple is pretty open about this so I don’t understand the desire to invent new reasons for why this is so. It’s also a pretty common practice in the industry as a whole. Much of the embedded hardware in the market these days allow for their firmware to be updated. If this is a significant vulnerability, then much more than just Apple hardware is vulnerable.
First off, I hardly equate throwing out an anti-Mac joke to racism. That’s quite the stretch, so let’s not go there. Hell, if I could afford a Mac, I’d probably have one here, too — if only for a good desktop with BSD underpinnings. Meanwhile, my several PCs all running Windows and various Linux distros are doing just fine, thanks.
Secondly, while I just glanced through the article, I don’t doubt that this hack could be applied to other programmable hardware. And it scares the jeebers out of me. What scares me is that the keyboard could be rooted, and the most common fixes for rootkit problems — wiping the hard drive — won’t work here as the keyboard could then reinfect it.
Jake, I apologize if you took offense but take a closer look at what I wrote. I certainly did not “equate” anti-Mac jokes to racism. I was merely illustrating the problem with playing the “just a joke” card using an extreme example where it clearly wouldn’t pass muster.
(First off, Ric, none of this is directed personally at you, I’m just ranting a bit…)
I didn’t take offense, I just think throwing out the “just a joke card” is fine when the debatable topic has been debated so ferociously over the years for mostly stupid reasons. I think the Mac vs. PC debate is utterly pointless now that Macs have a good OS and hardware to take advantage of that OS (which wasn’t the case back in the OS8-9 days). Sadly, though, the Mac fans out there will take any slight indication that someone is anti-Mac and roll with it, even if that’s not the case. You generally don’t see that kind of reactionary attitude out of hardcore PC users.
Heck, it happened here locally, too, when a local (non-techie) reporter mentioned Windows and the Mac in the same sentence, and Mac folks flipped out.
I’ve said it before: What bothers me the most about Macs is some of their annoyingly argumentative fans.
This is why I rarely even open up this can of worms on this site — like I avoid religious or political debates — as neither side wants to hear what the other has to say. They already know they’re right, rhyme or reason be damned.
</rant>
I don’t have a Mac, but the current OS is based upon BSD chain. With this, review the /dev/keyboard /dev/mouse and /dev/framebuffer (naming could be different in the Mac OS release).
These device driver entry points provide simple read, write … tradition functions for a device entry point.
Later on, UNIXen in the /bin/login routine does a chown() of the device to lock it down to the logged in user to make it harder to passively read keystrkes, frame buffers and the like.
> You generally don’t see that kind of reactionary
> attitude out of hardcore PC users.
Actually, I’ve found the PC “fanboys” to be just as clueless and boorish when they start their anti-Mac harangues.
Even back in the OS8-9 days, there were defensible arguments for one to choose a Mac just as there were defensible arguments in favor of PCs. Both had strengths, and both had weaknesses; you picked your poison. But even back then, there were clueless partisans on both sides.
The operating systems may have changed but the arguments never seem to.
> This is why I rarely even open up this can of
> worms on this site — like I avoid religious or
> political debates — as neither side wants to
> hear what the other has to say. They already
> know they’re right, rhyme or reason be damned.
Fair enough. Your house, your rules. But you can’t have it both ways. As I said in my first post, you can’t really expect to get away with a drive-by potshot on these issues without some pushback 😉