Jump to content
xisto Community
Sign in to follow this  
Jimmy

Can You're Keyboard Be Trusted? This is frightening

Recommended Posts

After following serverph's link to a wiki article on stenography (that how to spell?) I noticed something that is actually quite worrying...

A new steganographic technique involves injecting imperceptible delays to packets sent over the network from the keyboard. Delays in keypresses in some applications (telnet or remote desktop software) can mean a delay in packets, and the delays in the packets can be used to encode data. There is no extra processor or network activity, so the steganographic technique is "invisible" to the user. This kind of steganography could be included in the firmware of keyboards, thus making it invisible to the system. The firmware could then be included in all keyboards, allowing someone to distribute a keylogger program to thousands without their knowledge.

Basically what could be done by a cheap keyboard manufacturer is to implement this to "rip off" their customers, stealing passwords, accounts, bank details etc.
Now I think most of us will find this worrying. Never again should anyone buy cheap imported keyboards or ones from "dodgy" makers...

So it's a hardware version of a keylogger!?? sending a different "delay" for each key that is pressed so whoever is on the other end could easily find out whatever you type. Whoever is reading this right now most likely has a keyboard in front of them... can it be trusted?

Scary, I'm just lucky I went with a well-known brand!

Share this post


Link to post
Share on other sites

That would be pretty weird to have someone keylogging you without you even knowing it just because you try to save a few bucks and in some cases you lose all of your money because of stolen credit card numbers and what not. They can use them because you give them all of your information including your name and address. I guess you should only buy from companies you know but even then they could take your info and it'd be least expected but I think that'd be a bigger risk than they can take. People are already worried about losing their information, if this is all true it could make things a bit worse.

Share this post


Link to post
Share on other sites

I don't think a hardware company would be stupid enough to do that, maybe an employee, but not the whole company. Also key loggers are meant not to found anyways, they can be installed through downloading attachments through emails, going to specific websites, or get spyware installed on your computer. Key loggers are hard to trace because of what they are programmed to do and thats log in keys that you type, thats why you always update your Anti virus, spyware software and course update your OS with the security patches that come out. OF course you have to remember most hardware is not made in the US anymore, but I wouldn't doubt they double check the stuff they plan to stamp there name on, or they would have lawsuits up the butt.

Share this post


Link to post
Share on other sites

After following serverph's link to a wiki article on stenography (that how to spell?) I noticed something that is actually quite worrying...Basically what could be done by a cheap keyboard manufacturer is to implement this to "rip off" their customers, stealing passwords, accounts, bank details etc.
Now I think most of us will find this worrying. Never again should anyone buy cheap imported keyboards or ones from "dodgy" makers...

So it's a hardware version of a keylogger!?? sending a different "delay" for each key that is pressed so whoever is on the other end could easily find out whatever you type. Whoever is reading this right now most likely has a keyboard in front of them... can it be trusted?

Scary, I'm just lucky I went with a well-known brand!


Well thats scary. I am using a Dell manufactured keyboard so I think that I am safe. If Dell did this then there will be a huge scandal about to go on. But seriously, I cannot believe that it could steal passwords, accounts, bank details, etc. I guess hackers are gaining a step above us average NOD32 users =.=. Soon our toasters will be hacked! Who knows what technology will lead to.

Share this post


Link to post
Share on other sites

well, I can't replace my keybooard :D it comes 'integrated' with the computer. This is pretty worrying, but you can annoy the server or something, press the same letter over and over hundreds of times, then whoever's watching will get annoyed. a x w!

Share this post


Link to post
Share on other sites

A new steganographic technique involves injecting imperceptible delays to packets sent over the network from the keyboard. Delays in keypresses in some applications (telnet or remote desktop software) can mean a delay in packets, and the delays in the packets can be used to encode data. There is no extra processor or network activity, so the steganographic technique is "invisible" to the user. This kind of steganography could be included in the firmware of keyboards, thus making it invisible to the system. The firmware could then be included in all keyboards, allowing someone to distribute a keylogger program to thousands without their knowledge.

That'd have to be one fancy keyboard to do that without your knowlege. You could easily keylog that way, but how would you send it off without knowlege from the user? Keylogging programs can just send off the data using Winsock or BSD sockets. A firmware stored in the keyboard couldn't do that - the orders would be sent to the keyboard buffer which would be processed by the OS on screen and then the activity would be easily noticed by the user. There'd need to be cooperation with the operating system manufacturers to do anything completely hidden that's without suspicion. Edited by Tetraca (see edit history)

Share this post


Link to post
Share on other sites

That'd have to be one fancy keyboard to do that without your knowlege. You could easily keylog that way, but how would you send it off without knowlege from the user? Keylogging programs can just send off the data using Winsock or BSD sockets. A firmware stored in the keyboard couldn't do that - the orders would be sent to the keyboard buffer which would be processed by the OS on screen and then the activity would be easily noticed by the user. There'd need to be cooperation with the operating system manufacturers to do anything completely hidden that's without suspicion.

Hmm interesting point, but since nowadays most keyboards come with some software or "additional tools". Most users would install these without checking since "it's only a keyboard!"If it contacts the keyboard's manufacurer "trusted" site and you think it's okay and allow it, then those packet delays can be transmitted without being noticed.

It probably relies on the user trusting the keyboard in the first place and not seeing that anything is wrong. - You make a good point nevertheless.. (and all I can say is I'm not completely sure how it would be implemented!!)

Share this post


Link to post
Share on other sites

Hi,

I actually agree with Tetraca but even Jimmy's point is a good one so I too am confused and I think key logging can be done but maybe a person who uses a lot of softwares or is a programmer or something might realize the warning signs but maybe a person who uses a computer for just basics internet uses or is not that knowledgeable with computers might not realize that his information is being sent.

My keyboard's from Microsoft so I don't think I need to worry but people selling shady keyboards are a problem :D

That would be pretty weird to have someone keylogging you without you even knowing it just because you try to save a few bucks and in some cases you lose all of your money because of stolen credit card numbers and what not. I guess you should only buy from companies you know but even then they could take your info and it'd be least expected but I think that'd be a bigger risk than they can take

Yeah I can agree with you Plenoptic and it is recommended that you buy from a company you know and one that has a good reputation.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...

Important Information

Terms of Use | Privacy Policy | Guidelines | We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.