Hi, I know this is really old. But I REALLY REALLY would love to get that presentation he's written. Somehow the link's broken. I would really love to know how this works, and the applications that it could be used for.
evillizard007007 1 month ago
Well this is interesting. THX for sharing.
stylesuxx23 1 year ago
So it's basically just a keylogger?
Gameboygenius 1 year ago
@Gameboygenius
Except it is a keyboard keylogger rather than a software keylogger. So he could replace someone's keyboard alone and steal their passwords. Pretty genius.
brewskhee 1 year ago
@Gameboygenius said "So it's basically just a keylogger?"
Yes. But, think different, it is an Apple product so it is new, hip and cool.
newtubetubetube 9 months ago
Everybody, this movie is for real. What this hacker did in a video he posted (link provided below) was reverse engineer an Apple firmware update and, using the onboard memory on the keyboard, store and run a keylogger, and in his demo disable the W key. His presentation is so cool, and I recommend watching the one linked in his PowerPoint (in the video) from Jesse D'aguano:
Google "securitytube apple firmware updates" and the first option is Hacker K. Chen's PowerPoint.
Jasonkruser 1 year ago
Niiiiice
Sweeeeet
lol@a few comments saying that apple is secure
adrastea99 1 year ago
bullsh!t...
wickedvalues 2 years ago
this is defcon this is for real
LastArmamentAirsoft 1 year ago
So much for Apple's security claims. Also it's been how many months since this leaked and the firmware for the keyboards hasn't been lost
ridethesainted 2 years ago
OK, well, in order to get my keystrokes the hacker has to have access to my keyboard, and I don't let anyone use my computer without me watching them.
WorldWideRomance 2 years ago
This video, if it's legit, proves a concept. If the micro-controller firmware can be further modified, its lethality can be simply awesome.
But improve the footage quality so that we can figure out better what's happening!!!
TheMrArvind 2 years ago 2
Or, you can look at the link I provide in the description which details the exploit and links to the 900 page presentation released by K. Chen that details how to replicate this exploit.
DigitalSocietyOrg 2 years ago 2
@DigitalSocietyOrg I can't understand what's going on. From my understanding they turned the keyboard into a keylogger?
PS. Link in description = Error 404 not found.
from212 6 months ago
This is a poorly done video.
1. It doesn't really explain well enough to the everyday person what is going on. I'm a power user of computers (not a hacker) and I barely understand what's going on.
2. You need to increase the font size to say at least 36 points so that we can actually see both screen and keyboard at the same time. The video shots of the screen are blurry and often illegible.
thibaulthalpern 2 years ago
If you follow the link in the description, it puts everything in proper context. The video was never meant to stand on its own, but about 50K more people saw the video without reading the article.
As for the quality of the video, it was an improvised setting lacking tripod and dedicated microphone. Font size could have been much bigger, but hindsight is 20/20. These problems will be fixed for future videos.
DigitalSocietyOrg 2 years ago
It doesn't matter, it's legit. He proves that the Apple keyboard is hackable. He can store a keylogger and stuff that infects your hard drive even after you make a complete restore of your computer. And since the keyboard is always seen as safe by all virus scanners and such, it can't be found or deleted.
reed2slc 2 years ago
@thibaulthalpern fuck off loser
Youareatroller 1 year ago
@thibaulthalpern Fake. The title is misleading.
This won't root the computer. It is merely a keylogger. There is nothing to fear about this. Physical access is required to install the firmware. With physical access he could have installed a logger on the OS or as a USB dongle.
newtubetubetube 9 months ago
Would have been more interesting if the people in the background would STFU!!
lickmyassagain 2 years ago
you type asdf and it's asdf, okay.. then now what.. :D
isti82 2 years ago 4
Read the article in the description.
If the keyboard can log your typing, it can capture your password. If the keyboard can insert commands into the host computer, it can tell the computer to open a connect-back bash shell or it can get a rootkit via the command line.
If you don't know what this means, it basically means you've been owned remotely by someone anywhere on the Internet.
DigitalSocietyOrg 2 years ago 3
@DigitalSocietyOrg I know it's your own post and all, but your comment is misleading and doesn't deserve the thumbs up. If anyone can flash the firmware of any USB device over the fucking intertubes you are already rooted. Installing a keylogger will only allow them to grab passwords and gain access to more computer systems.
Also, APPLs are assholes. Simple USB devices like mouse and keyboard should be on ROM. They probably use the wireless keyboard platform and just add a USB cable to save money. Fuck 'em.
newtubetubetube 9 months ago
gay
f4kyutub 2 years ago
lol That's freaking clever, excellent work, I just hope Apple patch this soon or the effect could be devastating, especially to the many Apple notebook users. All they have to do is lock the keyboard firmware with one patch, what's so hard about that?
Louix94 2 years ago
A vulnerability has been reported in Mac OS X, which can be exploited by malicious people with physical access to a system to bypass certain security restrictions. It's called FIRMWARE.
Steve Jobs or the genius K. Chen should block it.
liderlider 2 years ago 2
Except that you can do this remotely with one of the many exploits for Safari, QuickTime, and Firefox. Lots of new zeroday exploits were shown on the Mac and iPhone at BlackHat and DEFCON.
DigitalSocietyOrg 2 years ago
I loled so hard at your stupidity that I had to go to the hospital for a bone fracture.
You seem to have no idea what Mac OS X is, nor what firmware is.
RalenSanis 2 years ago
Wow, the stupidity of fanboys in these comments is mind boggling :)
Great work Mr. Chen, thanks for bringing this into the spotlight. Also don't worry about the negative comments, you guys got the point across, that's what matters.
kmi187 2 years ago 3
Good point, this is not an OS issue. It's a hardware problem with Apple products which affects anyone using these keyboards. I have Windows user friends who use Apple keyboards.
DigitalSocietyOrg 2 years ago
Sadly this is just bad engineering on Apple's part. If only their user base were as vocal in demanding a fix, or at the very least aware that anything man-made can have flaws. I just hope Apple doesn't try to shut you guys up, like that 13 year old girl in the UK whose iPod blew up.
kmi187 2 years ago
It is quite sad that some Apple users are more angry at the researcher for pointing out these flaws than they are at Apple for putting out flawed products.
DigitalSocietyOrg 2 years ago
You can hardly hear what they are saying with all the noise in the background.
Nice Thinkpad though (Thinkpad>>>>>all)
Lvaneede 2 years ago
Yeah thanks, it's an X200 with 2.4 GHz Penryn processor. Super light laptop with 6-10 hours battery life and fast enough to encode video with Handbrake/x264.
It's never good to use the built-in Mic on a camera. Next time, I'll use a separate Mic and mux the audio in so that it sounds better.
DigitalSocietyOrg 2 years ago
I hate to be negative but hackers should know better.
Please increase the font size in notepad so that you can easily see what is being typed, and then tell the people in the background to shut the **** up.
It would be a better proof if you typed then the keyboard waited 30 seconds and then typed the saved text. This would illustrate it was a program running instead of maybe a macro.
BodyThetan 2 years ago 4
It's the press room at DEFCON. I don't own that room.
In hindsight (which is always 20/20), I should have used larger fonts to make it easier to see.
DigitalSocietyOrg 2 years ago
LOL, mactards get owned again
stupidjunk978 2 years ago
i'll buy another keyboard ... how much is antivirus
btw the hack was on windows not os x, which i use
teeangle 2 years ago
The OS doesn't matter. He manipulated the firmware of the keyboard, and the firmware is a part of the keyboard itself. So even if you would re-install your OS the hack will still work.
This works on every OS.
Dubbel14 2 years ago 7
the keyboard got hacked, it has NOTHING to do with windows
It's the keyboard which is used standard for the iMacs so everyone using one can get hacked
Ali3nSt0rm 2 years ago 3
i was just saying i would buy another keyboard for about 50 bucks ... but how much does a good antivirus cost ... i'll give you a hint it is about 100 ... ok ok free stuff is out there but as a salesman i do like it when people buy something they know is secure
teeangle 2 years ago
100 bucks for an antivirus? Which planet are you on? PC owners are not like apple users, we don't overpay for everything
stupidjunk978 2 years ago 3
I second that!
Pwnzalot92 2 years ago
ahaha, well said.
anuskiller 2 years ago
Get it to your head that this isn't a PC or Mac issue. I know PC users who use this Apple keyboard because they like the styling. If the keyboard gets infected, it can compromise any operating system including Mac, Windows, Linux.
This is a problem with Apple hardware that could easily be fixed by locking the firmware. Apple may not fully block this exploit so K. Chen might eventually have to release a self locking tool so that you can lock it yourself.
DigitalSocietyOrg 2 years ago
UNIX = ROCK SOLID NO VIRUSES
Macfags sure got TOOOOOOOOLD
PzkfWII 2 years ago
Actually this is a firmware hack, nothing to do with OSX/UNIX. If you watch the video closely you will notice the keyboard is connected to a Lenovo ThinkPad running Windows Notepad.exe for the test. That said, it is a vulnerability that should be fixed. Though I'm not seeing an obvious way to use that for an exploit right now, because the way they demo it, it can store the last 5 characters and paste them back in reverse order with the enter key, unless they could code it to log to a file.
xskoulax 2 years ago 2
not really, it's a PC exploit, since it's on the thinkpad. Meaning that the problem isn't with unix at all. Given, the apple keyboard is a steaming pile of fail, but you can't put any blame on unix or osx.
OutletEntertainment 2 years ago
Windows and PC aren't interchangeable terms.
Regardless, it's a firmware exploit. The keys are logged on the keyboard's firmware and are then repeated back (in reverse order) when pressing a certain series of keys.
tetetoupee 2 years ago 5
Technically, windows and PC aren't yes, but everyone uses them as such. It's becoming more of a standard. (mac vs. PC etc. etc.)
OutletEntertainment 2 years ago
Interesting hack, awful video work... with the camera moving everywhere, a skeptic could say, "oh someone typed it in on one of the off-screen keyboards!". You don't even see the effect of a "ghost" typing, it's all just "oh, whoops, look at that, the letters appeared.". Lame. Like I said, nice hack, awful presentation.
fukutabe 2 years ago
OK smart guy, do you actually think I'd fake this thing by using panning tricks? Wouldn't it be easier to just use a special trick program? What's there to be skeptical about? Chen released 900+ pages of slides to show you exactly how to do this.
As for "awful video work", you try and do this on the fly while trying to work the manual focus in macro mode and conduct an interview in a noisy room. Let's see what you can produce.
DigitalSocietyOrg 2 years ago
He's not saying you faked it, he's saying cause of your appalling video work that someone could claim that it was faked. Get a tripod.
JoeOReilly 2 years ago
Anyone who's going to say we faked it with the video is hopeless anyways. If we wanted to fake this, we would do it with simple software loaded in the computer. A tripod wouldn't help in this situation because I'd still have to pan between the keyboard and the screen. Someone's suggestion to use bigger fonts was a good one, and I plan on getting a mic anyways.
Is this studio level production? No. Can I do better, yes. Was his gripe intelligent? No.
DigitalSocietyOrg 2 years ago
That is a brilliant hack. Kinda makes you wonder what other firmwares can be modified for clandestine spying. Mouse? Printer? Monitor? Wifi card?
PacoBell 2 years ago
Most devices implement some sort of digital signature checking so that they're not vulnerable to malicious or unauthorized tampering. Apple doesn't bother.
georgeou 2 years ago