Interesting People mailing list archives

Re: Keyboard hack could leave your Mac completely vulnerable - MacFixIt


From: David Farber <dave () farber net>
Date: Mon, 3 Aug 2009 18:56:33 -0400



Begin forwarded message:

From: Jeff Porten <civitan () jeffporten com>
Date: August 3, 2009 6:46:53 PM EDT
To: dave () farber net
Subject: Re: [IP] Keyboard hack could leave your Mac completely vulnerable - MacFixIt

George Ou does not exactly have the sort of standing credibility on Mac issues which would allow him to get away with an anonymously-sourced attack. I can't say that this attack is impossible, but here's my initial take on the article referenced:

1) "The researcher explained that he goes by the name "K. Chen" because he feared harassment from staunch Apple fans who actually believe those Mac versus PC security commercials." Ou's implied ridicule of such people does not exactly support the contention that his views are unbiased -- and I'd wager that 90% of said group gathered that impression long before the commercials were aired, mostly from first- and second-hand experience.

2) "I had Mr. Chen demonstrate his possessed keyboard on my computer." This and other references in the article imply a firmware hack, which says nothing about the vector for getting the hacked firmware onto the keyboard. Yes, I'm willing to gather that there are many security flaws which can be exposed by someone who can arbitrarily connect hardware to your computer -- but this would be considered a low-probability threat.

3) "To infect your keyboard, the attacker only needs to exploit one of the many weaknesses in Mac OS X and Apple applications." I'm aware of no security flaws which would allow installing new keyboard firmware (that is, without already having root-level access to the Mac), and further, I'd love to see a list of the "many weaknesses" in OS X and Apple applications. (Does Apple publish many applications for OS 9? System 7?) There aren't any issues I'm actively tracking for my clients that aren't related to Flash and Java -- and those have been patched.

4) "This type of attack which is resilient against a full hard drive wipe is considered the holy grail of computer hacking because the hardware has been infected." The holy grail of computer hacking is a rootkit which the user is not aware of -- infinite use of the targeted computer is better than one against which the user is actively trying countermeasures.

5) "The cleaner solution Mr. Chen is proposing is that Apple should simply lock the Keyboard firmware from any future modifications since the keyboard doesn't implement any digital signature protection." Which would likely kill the aftermarket for 3rd-party keyboards (and perhaps other USB devices), and would expose Apple to a great deal of user blowback that they were implementing an iPhone closed ecosystem on the Mac. If Mr. Chen's analysis is as good as his hacking, I'm even less worried about this threat. If I had any idea who Mr. Chen was, I'd be able to confirm this myself.

In short -- Ou is a known yahoo, and this strikes me as more FUD. I'll believe this when I see confirmation from a respectable source.

Best,
Jeff Porten




