I’ll let you decide if this is LOL worthy.
APPLE KEYBOARDS ARE vulnerable to a hack that puts keyloggers and malware directly into the keyboard. This could be a serious problem, and now that the presentation and code is out there, the bad guys will surely be exploiting it.
The vulnerability was discovered by K. Chen, and he gave a talk on it at Blackhat this year. The concept is simple, a modern Apple keyboard has about 8K of flash memory, and 256 bytes of working ram. For the intelligent, this is more than enough space to have a field day.
Nothing is encrypted, decrypted, and the process is simple. You then resume HIDFirmwareUpdaterTool, and in a few seconds, your keyboard is compromised. Formatting the OS won’t do you any good, the code is in keyboard flash. There are no batteries to pull, no nothing, the keyboard is simply compromised.
Then from the proof of concept document:
The application checks a number of properties of the keyboard and checks the validity of the ?rmware image ?le kbd 0×0069 0×0220.irrxfw in the bundle. The ?rmware validity checking routine is called CRC32: and is the 75 byte routine starting at 0×00003005. Despite the name, this routine does not do CRC32 at all and in fact, it simply just adds up the bytes of the ?rmware image ?le and the application veri?es that the sum is 0x252ed7.
EPIC FAIL. While the rest of the world has been working hard on securing the fabrics of their kernel, Apple have concentrated on painting the Lepoard with new stripes. Before you fall into a trap thinking this isn’t as big as they make it out to be – because you need physical (and root) access to update firmware (and the user would have to approve), think of malware or a Safari related exploit. How many security conscience Mac users are there do you think? Wasn’t the original deal move to Mac and forget all your troubles?
Surely Apple can’t be the only keyboard at fault, I’m sure my Razer Tarrantula (with a few modifications) can fall into the same trap – atleast you’d hope so, for Apple’s sake (or not!).
Anyway, woo WINdows 7 to Technet/MSDN guys this week!