Phone Disguised as Keyboard Can Hack Computer

[Marcus Yam]

You know it's a phone, but does your computer know that?

Phone Disguised as Keyboard Can Hack Computer : Read more

 

[aznguy0028]

"Of course, like the case of staying safe in the real world, just be careful where you choose to plug your ports (or what you allow to be plugged into your ports)."

GIGGIDY!

 

[barmaley]

Now they are going to make keyboards that will function as "keyboards" but will also have cell phones built into them. That way it will act as a key logger and will email out credit card numbers and passwords via cell phone network. No firewall will ever save you from that. They can make the keyboards look like generic ones from Dell and Microsoft. So, the new generation of burglars will not steal your grandma's engagement ring. They'll steal your keyboard and replace it with their own and then max out your credit cards and take everything you have in the bank!

I love technology, but I hate it when it turns around and bite me in the ass!

 

[joytech22]

Ooh! maybe now I can secretly upload a bandwidth capper onto a few computers and have it all to myself mwahaahw!

Or I could get into serious trouble, sooo not going to happen.

 

[cmcghee358]

This is precisely why you can no longer plug in any personal or unauthorized USB device into an Air Force computer. I can't go into specifics, but needless to say this was a long standing breach that was exploited by our neighbors for YEARS.

 

[Scott2010au]

The Defence forces appear far more concerned about data theft than being hacked. The most secure machines & staff will not even be exposed to the cellular network in the first place - by various means.

 

[Onus]

Didn't Stuxnet get in on a USB drive?

 

[guardianangel42]

[citation][nom]jtt283[/nom]Didn't Stuxnet get in on a USB drive?[/citation]Thats the running theory. I'm sure no one really KNOWS how exactly a sophisticated virus got onto Iranian computers that were isolated from the internet via hardware but the most likely method of delivery is USB.

I don't know the code of the thing (And even if I did I'd still be clueless) but it might contain the ability to piggyback on a burn process. I'm not really sure.

 

[Scott2010au]

I believe Symantec have the answers you are looking for re: Stuxnet

Google: +Symantec +Stuxnet

There's a good YouTube video here: http://www.youtube.com/watch?v=cf0jlzVCyOI

Yes, They believe it was via USB key.

 

[Kylehume]

I think that's good advice for your 'personal' life, too-

"just be careful where you choose to plug your ports (or what you allow to be plugged into your ports)."

 

[jaybus]

Given physical access and ample time, there is no machine that is not hackable. Now what is scary is Bluetooth.

 

[house70]

[citation][nom]aznguy0028[/nom]"Of course, like the case of staying safe in the real world, just be careful where you choose to plug your ports (or what you allow to be plugged into your ports)."GIGGIDY![/citation]
+100

 

[chickenhoagie]

[citation][nom]barmaley[/nom]Now they are going to make keyboards that will function as "keyboards" but will also have cell phones built into them. That way it will act as a key logger and will email out credit card numbers and passwords via cell phone network. No firewall will ever save you from that. They can make the keyboards look like generic ones from Dell and Microsoft. So, the new generation of burglars will not steal your grandma's engagement ring. They'll steal your keyboard and replace it with their own and then max out your credit cards and take everything you have in the bank!I love technology, but I hate it when it turns around and bite me in the ass![/citation]
Pretty good point. But i think manufacturers would be much more easily caught making these malicious keyboards compared to people who simply write keylogging scripts, viruses, etc. So to be a victim of buying a malicious keylogging keyboard, I think is a little bit farfetched, but not impossible I suppose. I guess thats why I always shop at newegg

but besides that, the hacking of USB ports isn't really that huge of an issue. The only time this truly exploits a computer is when restrictions are put on a computer such as a computer in the workplace that is on a domain. Otherwise anyone can just as easily plug in a keyboard to a computer, download viruses, download keyloggers and track everything back to themselves. if that makes any sense at all? Pretty crazy hack though.

 

[DSpider]

No notification at all on Linux ? Ahem. First of all, there are three attributes to files (and mounted filesystems) in Linux:

Read-Only
Read and Write
Execute

If you want to hide a file or a folder you simply add a dot in front of it (eg. ".Porn").

So USB devices (even data partitions) can be set to read-only and not execute, by default.

"Data partitions should always be mounted with option NOEXEC and NOSUID, as there should never be the need for a program to run from such a partition. And especially not with root privileges!
If you don’t plan to install any programs in your home folder, you can also set NOEXEC on the /home partition. NOSUID should always be set on /home."

(source)


If you really wanted a stupid notification I'm sure there's something that can read the Vendor, Product ID, Manufacturer, Revision, Serial Number, etc, etc. like what VirtualBox detects (PUEL not OSE; the one with USB support). But most Linux users would probably just run fdisk -l.

 

[hixbot]

What's the big deal? Something that can physically connect to a computer can control the computer. That's normal operating procedure. If you don't want someone controlling your computer with a phone, or keyboard and mouse for that matter, don't give them physical access.

 

[DSpider]

It's how you hide files on Linux, yes. It might sound funky if you're used to Windows but it's actually a pretty good idea. Think about it, how many times do you actually hide files ? Or rename them with a dot in front. Almost never.

Plus, Linux is open. The EXT4 filesystem (in contrast to NTFS) lets you rename files and folders whatever the hell you like. So no more restriction in using question marks, quotes, or the asterisk, "|", "\", etc. Except for "/", obviously.

But we're getting offtopic here... Point is Windows hidden files are always visible on Linux (and vice versa, Linux hidden files are always visible on Windows) - unless, of course you rename them with a dot in front and apply the hidden attribute.

 

[Guest]

"problem is that operating systems do no prompt the user"

Do no prompt? Who's editing this crap anyways?

 

[applegetsmelaid]

Hack me! Hack Me!

 

[eddieroolz]

Interesting story. Technology is a double-edged sword.

 

[Guest]

I read a while back that the mac keyboards with microcontrollers inside them can be programed to log everyhing you type and send the logs to a specific e'mail address... all without you even knowing wht happened. Sounds like a nice plan to empty someones bank account. :S

 

[Scott2010au]

Every time you press a key on the keyboard it will be 'visible' on the electro-magnetic spectrum.

The key logger need not be 'inside' the keyboard, it could be inside a pen that houses something similar to a mobile or cellular phone, that in turn relays the data.

This would only be 'tiered' once, and much harder to detect that replacing keyboards.

It also means the device 'does not' have to be smuggled out.


If I can come up with this in 5 minutes, imagine what an intelligence agency could do?

 

[DSpider]

If I can come up with this in 5 minutes, imagine what an intelligence agency could do?

There's an audio podcast called "Securty Now" and they did an episode where they mentioned an algorithm based on sound that guesses something like 98% of the keyboard strokes (which is a pretty high number for "blind" hacking).

So they essentially need to bug your room or tap your phone / mobile phone. They even talked about remote listening through frigging lasers targeted at a specific office building (they bounce off the glass and send the sound bytes from, oh, a few kilometres away). Or simply using directional microphones, like from a room bellow, a room next to you, or from the next building, etc.

If they're out to get you, they will. No doubt about it.

 

[Scott2010au]

Unless the passwords change every 15 seconds, with only a 45 second 'safe' window.

---> Slow typists need not apply!