Re: Keyboards Followup / Paranoia

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Matt Graham
Date:  
To: Main PLUG discussion list
Subject: Re: Keyboards Followup / Paranoia
On 2013-11-07 09:54, Nathan England wrote:
> what if someone were to intercept the keyboard I purchase and
> place a keylogger in the firmware? Is it possible to detect a
> keylogger built in the firmware of a keyboard? Do all keyboards
> have firmware?


This seems like a *really* high level of paranoia, but anyway: All
keyboards have at the very least a microcontroller that does debouncing,
translates keypresses into scancodes, and sends those scancodes down the
wires. USB keyboards have that stuff and chips that translate
keypresses into packets that conform to the HID specs.

Theoretically, a USB keyboard could be not just a HID device, but
another USB device (mass storage?) containing an executable. Some
devices have done similar things; there were some USB disks that
presented themselves as both a CD-ROM device containing Windows device
drivers and a mass storage device. There's a standard for this behavior
though, something like "Multi-LUN storage device", and I don't know if
there's a similar thing for HID.

> Could the USB cable itself be a keylogger?
> How would you go about detecting that?


The cable could have a small logging device in it. However, a logging
device would make the cable a *lot* more expensive than a regular cable.
Retrieving data from a logging device like that would probably require
someone to physically touch the cable or at least get very near it.

As for detecting something like this, it's really difficult to prove a
negative. I suppose you could take high-res X-ray photos of a known
good USB cable and a suspect one and compare them. This would not be
cheap. Or you could make it so there's only 1 USB device plugged in
(the suspect keyboard), run a USB snooper, and look for suspicious USB
packets. This would take a lot of time.

(Also, I've tried to do USB snooping on some things, and none of the
Windows USB snoopers I used seemed to work that well.)

--
Crow202 Blog: http://crow202.org/wordpress
There is no Darkness in Eternity
But only Light too dim for us to see.
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss