The iPhone and MAC OS X hardware vulnerabilities announced back at the BlackHat conference 2009 have already been a headache for Apple, and with this latest breach in its peripherals, another one is added to its list of pains. This one though is far more serious; attackers can now hack your keyboard in less than 18 seconds and only needs to upload 100 KB of data to raise havoc! This loophole was elaborated by K.Chen (Security Researcher) at DEFCON 2009 conference. The keyboard can betray any computer it is attached to by recording your password keystrokes, giving full control to the hacker. Once the Apple keyboard is infected and locked; there is no practical way of undoing the damage that means the keyboard is of no use after that.
In the video below Mr. Chen demonstrates how the hacked keyboard typed the letters in reverse order than what had been typed actually.
When connected to the user’s computer the hacker can fire up a bash connect back shell by launching a console and typing ‘exec /bin/sh 0&0 2>&0’ which would give the hacker full control of the system and could install unwanted root kits. The key logging capability can even work during the boot phase which would unlock additional hardware encryption features! Apple has to come up some solution for this problem soon or they are in for some serious criticism.
Image: Dailymobile :Via: DigitalSociety
