paranoia keeps us safe!

:-)~MIKE~(-:


On Thu, Nov 7, 2013 at 10:42 AM, Matt Graham <mhgraham@crow202.org> wrote:
On 2013-11-07 09:54, Nathan England wrote:
what if someone were to intercept the keyboard I purchase and
place a keylogger in the firmware?  Is it possible to detect a

keylogger built in the firmware of a keyboard? Do all keyboards
have firmware?

This seems like a *really* high level of paranoia, but anyway:  All keyboards have at the very least a microcontroller that does debouncing, translates keypresses into scancodes, and sends those scancodes down the wires.  USB keyboards have that stuff and chips that translate keypresses into packets that conform to the HID specs.

Theoretically, a USB keyboard could be not just a HID device, but another USB device (mass storage?) containing an executable.  Some devices have done similar things; there were some USB disks that presented themselves as both a CD-ROM device containing Windows device drivers and a mass storage device.  There's a standard for this behavior though, something like "Multi-LUN storage device", and I don't know if there's a similar thing for HID.


Could the USB cable itself be a keylogger?
How would you go about detecting that?

The cable could have a small logging device in it.  However, a logging device would make the cable a *lot* more expensive than a regular cable. Retrieving data from a logging device like that would probably require someone to physically touch the cable or at least get very near it.

As for detecting something like this, it's really difficult to prove a negative.  I suppose you could take high-res X-ray photos of a known good USB cable and a suspect one and compare them.  This would not be cheap.  Or you could make it so there's only 1 USB device plugged in (the suspect keyboard), run a USB snooper, and look for suspicious USB packets.  This would take a lot of time.

(Also, I've tried to do USB snooping on some things, and none of the Windows USB snoopers I used seemed to work that well.)

--
Crow202 Blog: http://crow202.org/wordpress
There is no Darkness in Eternity
But only Light too dim for us to see.

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.phxlinux.org
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss