Well, my first impression on reading about this was, basically, "OK, so if somebody manages an exploit which gives them total control of the computer, they can use it to... have total control of the computer. This is news?"
If (that's a big if) this can be made practical, the fact that it depends on you already owning the machine before you use it seems to make it unattractive; if you've already got that access, there's more interesting stuff you can do.
Or with a USB key and 18 seconds alone with a machine you can undetectably infect it in such a way that a full disk wipe and reinstall doesn't clean it.
As the article says: they ship hardware after virtually no public testing, so they often find bugs. More than one model of Apple keyboard has required updates in the field. $64k, please.
On the other hand: physical access to hardware leads to pwnage, film at 11.
The attack doesn't require physical access. It makes rooting potentially undetectable and unfixable.
It also uses a very unexpected attack vector, which means there could be some surprising effects. Remember slow-propagating floppy disk viruses? Think about the way keyboards are shuffled around offices.
What do you think the firmware implements? Exactly, that USB HID standard. The fact that it is flashable makes it easy to fix bugs. All software has bugs.
It is a great hack. But as someone else already posted here: physical access to hardware ... game over.
Article says: “he feared harassment from staunch Apple fans who actually believe those Mac versus PC security commercials”.
Here’s some advice: don’t make statements like “the many weaknesses in Mac OS X and Apple applications” or “Apple had a tendency to rush hardware to market” unless you can back these up.
You already made a significant exploit which no-one can dispute, don’t give “staunch Apple fans” a reason to dismiss the article.
Is it just me, or has there been an increase in the number of attacks on Apple hardware? Either that or I just seem to be more aware of them.
Apple's increasing popularity seems to be attracting more hackers to target the platform. This attack combined with an iTunes Buffer Overflow attack could lead to a fair amount of serious security breaches.
I think this is interesting, but if you have enough physical access to the computer to install a keyboard that is compromised then you probably already have enough access to compromise the computer in dozens of other ways.
I submitted it the other day but somehow it got 0 points: http://news.ycombinator.com/item?id=737186