paranoia keeps us safe!

:-)~MIKE~(-:

On Thu, Nov 7, 2013 at 10:42 AM, Matt Graham wrote:

> On 2013-11-07 09:54, Nathan England wrote:
>
>> what if someone were to intercept the keyboard I purchase and
>> place a keylogger in the firmware? Is it possible to detect a
>> keylogger built in the firmware of a keyboard? Do all keyboards
>> have firmware?
>
> This seems like a *really* high level of paranoia, but anyway: All
> keyboards have at the very least a microcontroller that does debouncing,
> translates keypresses into scancodes, and sends those scancodes down the
> wires. USB keyboards have that stuff and chips that translate keypresses
> into packets that conform to the HID specs.
>
> Theoretically, a USB keyboard could be not just a HID device, but another
> USB device (mass storage?) containing an executable. Some devices have
> done similar things; there were some USB disks that presented themselves as
> both a CD-ROM device containing Windows device drivers and a mass storage
> device. There's a standard for this behavior though, something like
> "Multi-LUN storage device", and I don't know if there's a similar thing for
> HID.
>
>> Could the USB cable itself be a keylogger?
>> How would you go about detecting that?
>
> The cable could have a small logging device in it. However, a logging
> device would make the cable a *lot* more expensive than a regular cable.
> Retrieving data from a logging device like that would probably require
> someone to physically touch the cable or at least get very near it.
>
> As for detecting something like this, it's really difficult to prove a
> negative. I suppose you could take high-res X-ray photos of a known good
> USB cable and a suspect one and compare them. This would not be cheap. Or
> you could make it so there's only 1 USB device plugged in (the suspect
> keyboard), run a USB snooper, and look for suspicious USB packets. This
> would take a lot of time.
>
> (Also, I've tried to do USB snooping on some things, and none of the
> Windows USB snoopers I used seemed to work that well.)
>
> --
> Crow202 Blog: http://crow202.org/wordpress
> There is no Darkness in Eternity
> But only Light too dim for us to see.
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
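
The composite-device case raised in the quoted reply (a keyboard that also enumerates as mass storage) is visible in the descriptors the device itself reports. The following is an added example, not part of the original thread: it walks constructed USB descriptor bytes and lists every declared interface that is not HID. It covers only what a device declares; a logger that stays passive in the cable or firmware does not appear here.

```python
# Added example: list the interfaces a USB device declares and flag any
# that are not HID. The descriptor bytes below are constructed samples.
DT_INTERFACE = 0x04
HID_CLASS = 0x03
CLASS_NAMES = {0x02: "communications", 0x03: "HID", 0x08: "mass storage",
               0x09: "hub", 0xFF: "vendor-specific"}

# Constructed: boot-protocol keyboard with one HID interface.
KEYBOARD_ONLY = bytes([
    9, 0x02, 34, 0, 1, 1, 0, 0xA0, 50,         # configuration, wTotalLength=34
    9, 0x04, 0, 0, 1, 0x03, 1, 1, 0,           # interface 0: HID, boot, keyboard
    9, 0x21, 0x11, 0x01, 0, 1, 0x22, 65, 0,    # HID class descriptor
    7, 0x05, 0x81, 0x03, 8, 0, 10,             # interrupt IN endpoint
])
# Constructed: same keyboard plus a second, mass-storage interface.
KEYBOARD_PLUS_STORAGE = bytes([
    9, 0x02, 57, 0, 2, 1, 0, 0xA0, 50,
    9, 0x04, 0, 0, 1, 0x03, 1, 1, 0,
    9, 0x21, 0x11, 0x01, 0, 1, 0x22, 65, 0,
    7, 0x05, 0x81, 0x03, 8, 0, 10,
    9, 0x04, 1, 0, 2, 0x08, 0x06, 0x50, 0,     # interface 1: mass storage, SCSI, bulk-only
    7, 0x05, 0x82, 0x02, 64, 0, 0,             # bulk IN endpoint
    7, 0x05, 0x02, 0x02, 64, 0, 0,             # bulk OUT endpoint
])


def interfaces(blob: bytes):
    """Yield (number, class, subclass, protocol) for each interface descriptor."""
    pos = 0
    while pos < len(blob):
        # Every descriptor starts with bLength, bDescriptorType.
        if pos + 2 > len(blob) or blob[pos] < 2 or pos + blob[pos] > len(blob):
            raise ValueError(f"malformed descriptor at offset {pos}")
        length, dtype = blob[pos], blob[pos + 1]
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {pos}")
            yield blob[pos + 2], blob[pos + 5], blob[pos + 6], blob[pos + 7]
        pos += length


def unexpected_interfaces(blob: bytes):
    """Describe every declared interface whose class is not HID."""
    return [f"interface {num}: class 0x{cls:02x} ({CLASS_NAMES.get(cls, 'unknown')})"
            for num, cls, _sub, _proto in interfaces(blob) if cls != HID_CLASS]


if __name__ == "__main__":
    for name, blob in [("keyboard only", KEYBOARD_ONLY),
                       ("keyboard + storage", KEYBOARD_PLUS_STORAGE)]:
        print(name, "->", unexpected_interfaces(blob) or "HID only")
```

On Linux the same byte layout can be read from a device's `descriptors` file under `/sys/bus/usb/devices/`; the leading device descriptor is skipped by the walker because it is not an interface descriptor.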