Re: Keyboards Followup / Paranoia

Author: Michael Havens
Date:  
To: Main PLUG discussion list
Subject: Re: Keyboards Followup / Paranoia
paranoia keeps us safe!

:-)~MIKE~(-:


On Thu, Nov 7, 2013 at 10:42 AM, Matt Graham <> wrote:

> On 2013-11-07 09:54, Nathan England wrote:
>
>> what if someone were to intercept the keyboard I purchase and
>> place a keylogger in the firmware? Is it possible to detect a
>> keylogger built in the firmware of a keyboard? Do all keyboards
>> have firmware?
>>
>
> This seems like a *really* high level of paranoia, but anyway: All
> keyboards have at the very least a microcontroller that does debouncing,
> translates keypresses into scancodes, and sends those scancodes down the
> wires. USB keyboards have that stuff and chips that translate keypresses
> into packets that conform to the HID specs.
>
> Theoretically, a USB keyboard could be not just a HID device, but another
> USB device (mass storage?) containing an executable. Some devices have
> done similar things; there were some USB disks that presented themselves as
> both a CD-ROM device containing Windows device drivers and a mass storage
> device. There's a standard for this behavior though, something like
> "Multi-LUN storage device", and I don't know if there's a similar thing for
> HID.
>
>
>> Could the USB cable itself be a keylogger?
>> How would you go about detecting that?
>>
>
> The cable could have a small logging device in it. However, a logging
> device would make the cable a *lot* more expensive than a regular cable.
> Retrieving data from a logging device like that would probably require
> someone to physically touch the cable or at least get very near it.
>
> As for detecting something like this, it's really difficult to prove a
> negative. I suppose you could take high-res X-ray photos of a known good
> USB cable and a suspect one and compare them. This would not be cheap. Or
> you could make it so there's only 1 USB device plugged in (the suspect
> keyboard), run a USB snooper, and look for suspicious USB packets. This
> would take a lot of time.
>
> (Also, I've tried to do USB snooping on some things, and none of the
> Windows USB snoopers I used seemed to work that well.)
>
> --
> Crow202 Blog: http://crow202.org/wordpress
> There is no Darkness in Eternity
> But only Light too dim for us to see.
>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss
>

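An added example, not part of the original thread: one way to check for the case Matt describes, where a device that enumerates as a keyboard also exposes another USB function such as mass storage. It walks a raw USB configuration descriptor and reports any non-HID interface on a device that has a HID keyboard interface. The function names and both descriptor byte strings are constructed for illustration.

```python
import struct

DT_INTERFACE = 0x04          # bDescriptorType for an interface descriptor
HID, KEYBOARD = 0x03, 0x01   # bInterfaceClass HID, bInterfaceProtocol keyboard
CLASS_NAMES = {0x03: "HID", 0x08: "Mass Storage", 0x02: "CDC", 0xFF: "Vendor Specific"}

def parse_interfaces(blob):
    """Return (number, class, subclass, protocol) for each interface in a descriptor blob."""
    found, pos = [], 0
    while pos < len(blob):
        if pos + 2 > len(blob):
            raise ValueError(f"truncated descriptor header at offset {pos}")
        length, dtype = blob[pos], blob[pos + 1]
        if length < 2 or pos + length > len(blob):
            raise ValueError(f"malformed descriptor at offset {pos}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {pos}")
            num, alt, _eps, cls, sub, proto = struct.unpack_from("6B", blob, pos + 2)
            if alt == 0:     # count each interface once, ignoring alternate settings
                found.append((num, cls, sub, proto))
        pos += length        # every descriptor starts with its own length
    return found

def audit_keyboard(blob):
    """List non-HID interfaces on a device that has a HID keyboard interface."""
    ifaces = parse_interfaces(blob)
    if not any(c == HID and p == KEYBOARD for _, c, _, p in ifaces):
        return []            # not a keyboard, nothing to compare against
    return [f"interface {n}: class 0x{c:02x} ({CLASS_NAMES.get(c, 'unknown')})"
            for n, c, _, _ in ifaces if c != HID]

# Constructed sample: a plain boot-protocol keyboard (config, interface, HID, endpoint).
PLAIN = bytes.fromhex("09 02 22 00 01 01 00 A0 32"
                      "09 04 00 00 01 03 01 01 00"
                      "09 21 11 01 00 01 22 41 00"
                      "07 05 81 03 08 00 0A")
# Constructed sample: the same keyboard plus a second, mass-storage interface.
COMPOSITE = bytes.fromhex("09 02 39 00 02 01 00 A0 32"
                          "09 04 00 00 01 03 01 01 00"
                          "09 21 11 01 00 01 22 41 00"
                          "07 05 81 03 08 00 0A"
                          "09 04 01 00 02 08 06 50 00"
                          "07 05 82 02 40 00 00"
                          "07 05 02 02 40 00 00")

if __name__ == "__main__":
    for name, blob in (("plain", PLAIN), ("composite", COMPOSITE)):
        print(name, audit_keyboard(blob) or "HID interfaces only")
```

A clean result only shows what the device declares about itself at enumeration; it says nothing about logging done inside the firmware or the cable, which is the "prove a negative" problem raised above.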