This Teddy Bear Steals Your Ubuntu Secrets

Ubuntu just came out with the new long-term support version of their desktop Linux operating system. It’s got a few newish features, including incorporating the “snap” package management format. One of the claims about “snaps” is that they’re more secure — being installed read-only and essentially self-contained makes them harder to hack across applications. In principle.

[mjg59] took issue with their claims of increased cross-application security. And rather than just moan, he patched together an exploit that’s disguised as a lovable teddy bear. The central flaw is something like twenty years old now; X11 has no sense of permissions and any X11 application can listen in on the keyboard and mouse at any time, regardless of which application the user thinks they’re providing input to. This makes writing keylogging and command-insertion trojans effortless, which is just what [mjg59] did. You can download a harmless version of the demo at [mjg59]’s GitHub.

This flaw in X11 is well-known. In some sense, there’s nothing new here. It’s only in light of Ubuntu’s claim of cross-application security that it’s interesting to bring this up again.


And the teddy bear in question? Xteddy dates back to when it was cool to display a static image in a window on a workstation computer. It’s like a warmer, cuddlier version of Xeyes. Except it just sits there. Or, in [mjg59]’s version, it records your keystrokes and uploads your passwords to shady underground characters or TLAs.

We discussed Snappy Core for IoT devices previously, and we think it’s a step in the right direction towards building a system where all the moving parts are only loosely connected to each other, which makes upgrading part of your system possible without upgrading (or downgrading) the whole thing. It probably does enhance security when coupled with a newer display manager like Mir or Wayland. But as [mjg59] pointed out, “snaps” alone don’t patch up X11’s security holes.

Retrotechtacular: Cold War-Era Hardware Keyloggers

As Cold War tensions increased throughout the 1970s, the Soviets pulled out all the stops when it came to digging up information from US diplomats. This NSA memo from 2012 explains how several IBM Selectric typewriters used in the Moscow and Leningrad offices were successfully bugged with electromechanical devices that could possibly have been the world’s first keyloggers.

The Selectric prints with a ball that is spun and tilted to select the desired character. Two mechanical arms control the ball’s spin and tilt, and the keylogger read out the position of those arms. Thus, each character on the Selectric’s type element ball has its own signature. The sensing part of the keylogging mechanism was buried in part of the typewriter chassis, a metal bar that spans the width of the machine, and was so well hidden that it could only have been detected by complete disassembly or x-ray.


DIY wireless keylogger makes you feel like James Bond (In your own little world)


Do you need to keep tabs on the kids while they browse the Internet? How about your husband/wife – do you suspect they are dabbling in extra-curriculars on the side? Hey, you’ve got your reasons, we won’t judge. We will, however, show you what [Jerry] over at Keelog has been working on lately.

While the company sells hardware keylogger kits online, [Jerry] has relied on, and understands the importance of, open source. Since we all benefit from things being open, he is giving away all of the details for one of his most recent projects, a wireless keylogger. The keylogger plugs into a PC’s PS/2 port, and wirelessly sends data to a nearby USB dongle up to 20 yards away, all in real-time.

A detailed parts list is provided, as are schematics, PCB masks, firmware, and assembly instructions. However, if you prefer the easier route, you can always buy the completed product or a DIY kit.

This isn’t the first open source keylogger he has released, so be sure to check out his previous work if you prefer a wired keylogging solution.

Plug and Prey: Malicious USB devices

This very informative talk given at Shmoocon 2011 has been posted over at IronGeek. Covering all kinds of angles from which a person could attack someone’s computer through the USB port, this should be read by anyone who is security minded at all. No matter which side of the port you tend to be on, this article has great information. They cover some common attack methods such as keyloggers and fake keyboards as well as some common methods of securing your system against them. We’ve actually seen this in the news a bit lately as people have been using the keyboard emulation method in conjunction with Android phones to hack into systems.

[thanks Adrian]

Black Hat 2009: Powerline and optical keysniffing


The 2009 edition of the Black Hat security conference in Las Vegas has just begun. The first interesting talk we saw was [Andrea Barisani] and [Daniele Bianco]’s Sniff Keystrokes With Lasers/Voltmeters. They presented two methods for Tempest-style eavesdropping of keyboards.


Build a wireless keylogger


Hardware Keylogger solutions has released the plans and files for their wireless logger. It has a range of about 50 yards between the transmitting dongle and the receiver. It is based around an Atmel AT91SAM7S64 and the PCB is pretty tiny. In case you hadn’t noticed yet, they sell them as well. The cool thing about this is that key data is transmitted in real time, allowing you to see it as it happens instead of having to go retrieve the log physically like you used to.

Twittering keylogger


[Kyle McDonald] sent in his latest project, a software keylogger that twitters what you type. He wrote it using C++ and OpenFrameworks. It logs each keystroke, then it posts to Twitter 140 characters at a time. To protect himself, he set up a whitelist of private strings like passwords and credit card numbers that would be stripped before posting. If the twypewriter followed him, his keystrokes could be recreated.

[thanks Kyle]