Wed, 05 Aug 2009
Apple keyboard firmware vulnerability demonstrated
This is no less serious a vulnerability than the iPhone SMS exploit
Apple may have rolled out a security patch for the iPhone SMS vulnerability demonstrated at last week’s Black Hat security conference, but it wasn’t the only Apple device under attack.
One hacker demonstrated a way that a keylogging application - a piece of malware that keeps track of what you type - could be installed in the firmware of Apple’s keyboards.
As it turns out, Apple’s keyboards (both the laptop and external USB versions) include both a small amount of RAM and flash memory - plenty of room to run a simple keylogging program.
And because Apple’s keyboard firmware updater is apparently unencrypted and doesn’t need to be validated, it’s not very difficult for such an exploit to be injected into a seemingly innocuous program.
Once the keylogger’s in the keyboard firmware, it’s virtually undetectable by the usual malware-scanning tools - after all, it’s not on your hard drive. The exploit's creator demonstrated how it could be used to easily retrieve passwords entered by a user.
This is no less serious a vulnerability than the iPhone SMS exploit, even if it isn’t quite as prominent as a flaw involving Apple’s hottest new device. You can read the full paper or view the presentation slides at the Black Hat site.
This article's permalink is:
http://www.macworld.co.uk/mac/news/index.cfm?newsid=26816
Comments received
RealityCheck said on Wed, 05 Aug 2009
Hope they patch this quicker than they did Java.
"even if it isn’t quite as prominent as a flaw involving Apple’s hottest new device" - can't you just be journalists without brown noses for once?
Slinky said on Wed, 05 Aug 2009
I think they were trying to point out that this was as serious a flaw as the iPhone one; even if it was getting less coverage than that because the iPhone is the hotter device.
Between that and the RealityCheck tag you do just come across as a troll y'know. Maybe think (or read carefully) before posting next time. Just a thought.
dig said on Wed, 05 Aug 2009
this is overhyped bull. i'd love to see one of these guys try to make this hack happen in the real world.
@dig said on Wed, 05 Aug 2009
A fully patched Mac was hacked in seconds earlier this year, sure it is not that hard. The question is - why bother?