Got root on your Apple keyboard?

Now this one is fun. According to ZDNet, it’s possible to hack the firmware of some Apple keyboards in order to install malware on it. Yes, on the keyboard – not the Mac. In fact, even if you wipe the computer entirely, the malware can persist.

“Apple’s sleek $49 Mac keyboards can be hacked and infected with keystroke loggers and impossible-to-detect rootkits, according to a security researcher presenting at this year’s Black Hat/DEFCON conferences.

The researcher, known only as “K. Chen,” found a way to reverse engineer and tamper with the keyboard’s firmware upgrade. With the firmware under control, an attacker can subvert the keyboard by embedding malicious code that allows a rootkit to survive a  clean re-installation of the host operating system.”

Now this isn’t exactly a usable exploit – it’s a lot of fuss to get something that can installed on a machine much more easily using a bit of social engineering. But it highlights the potential issues we have as peripherals get smarter and smarter. I didn’t even know that the keyboard had firmware, let alone that it was hackable.

If you want to read the technical paper with all the details, it can be downloaded in PDF form here. Video demo below.

Reblog this post [with Zemanta]