Keyloggers are nasty little things that have the potential to steal the credit card numbers of you and everyone you care about. Usernames and passwords can be easily stolen this way, so they’re a useful tool for the black hats out there. One would generally expect to find a keylogger in a dodgy movie torrent or perhaps a keygen for pirated software, but this week a keylogger was found in an audio driver for an HP laptop.
The logger was found by Swiss security researchers modzero. The Conexant HD Audio Driver Package version 126.96.36.199 and earlier apparently logs keystrokes in order to monitor things like the laptop’s volume up and down keys. The real killer here is that it feels the need to log all keystrokes detected to a readily accessible file, for reasons we can’t possibly fathom. It’s a huge security risk, but it doesn’t stop there – the driver also exposes the keystrokes through an API as well, creating an even wider attack surface for malicious actors. One can in principle access the keystroke log remotely.
There’s no word from the company yet, but we really want to know – why save the keystrokes to a file at all? Code left over from debugging, perhaps? Speculate in the comments.
Ubuntu just came out with the new long-term support version of their desktop Linux operating system. It’s got a few newish features, including incorporating the “snap” package management format. One of the claims about “snaps” is that they’re more secure — being installed read-only and essentially self-contained makes them harder to hack across applications. In principle.
[mjg59] took issue with their claims of increased cross-application security. And rather than just moan, he patched together an exploit that’s disguised as a lovable teddy bear. The central flaw is something like twenty years old now; X11 has no sense of permissions and any X11 application can listen in on the keyboard and mouse at any time, regardless of which application the user thinks they’re providing input to. This makes writing keylogging and command-insertion trojans effortless, which is just what [mjg59] did. You can download a harmless version of the demo at [mjg59]’s GitHub.
This flaw in X11 is well-known. In some sense, there’s nothing new here. It’s only in light of Ubuntu’s claim of cross-application security that it’s interesting to bring this up again.
And the teddy bear in question? Xteddy dates back from when it was cool to display a static image in a window on a workstation computer. It’s like a warmer, cuddlier version of Xeyes. Except it just sits there. Or, in [mjg59]’s version, it records your keystrokes and uploads your passwords to shady underground characters or TLAs.
We discussed Snappy Core for IoT devices previously, and we think it’s a step in the right direction towards building a system where all the moving parts are only loosely connected to each other, which makes upgrading part of your system possible without upgrading (or downgrading) the whole thing. It probably does enhance security when coupled with a newer display manager like Mir or Wayland. But as [mjg59] pointed out, “snaps” alone don’t patch up X11’s security holes.
As Cold War tensions increased throughout the 1970s, the Soviets pulled out all the stops when it came to digging up information from US diplomats. This NSA memo from 2012 explains how several IBM Selectric typewriters used in the Moscow and Leningrad offices were successfully bugged with electromechanical devices that could possibly have been the world’s first keyloggers.
The Selectric prints with a ball that is spun and tilted to select the desired character. Two mechanical arms control the ball’s spin and tilt, and the keylogger read out the position of those arms. Thus, each character on the Selectric’s type element ball has its own signature. The sensing part of the keylogging mechanism was buried in part of the typewriter chassis, a metal bar that spans the width of the machine, and were so well hidden that they could only have been detected by complete dissassembly or x-ray.
Continue reading “Retrotechtacular: Cold War-Era Hardware Keyloggers”
Do you need to keep tabs on the kids while they browse the Internet? How about your husband/wife – do you suspect they are dabbling in extra-curriculars on the side? Hey, you’ve got your
insecurities reasons, we won’t judge. We will however, show you what [Jerry] over at Keelog has been working on lately.
While the company sells hardware keylogger kits online, [Jerry] has relied on, and understands the importance of open source. Since we all benefit from things being open, he is giving away all of the details for one of his most recent projects, a wireless keylogger. The keylogger plugs in to a PC’s PS/2 port, and wirelessly sends data to a nearby USB dongle up to 20 yards away, all in real-time.
A detailed parts list is provided, as are schematics, PCB masks, firmware, and assembly instructions. However, if you prefer the easier route, you can always buy the completed product or a DIY kit.
This isn’t the first open source keylogger he has released, so be sure to check out his previous work if you prefer a wired keylogging solution.
This very informative talk given at Shmoocon 2011 has been posted over at IronGeek. Covering all kinds of angles that a person could attack someones computer through the USB port, this should be read by anyone who is security minded at all. No matter which side of the port you tend to be on, this article has great information. They cover some common attack methods such as keyloggers and fake keyboards as well as some common methods of securing your system against them. We’ve actually seen this in the news a bit lately as people have been using the keyboard emulation method in conjunction with android phones to hack into systems.
The 2009 edition of the Black Hat security conference in Las Vegas has just begun. The first interesting talk we saw was [Andrea Barisani] and [Daniele Bianco]’s Sniff Keystrokes With Lasers/Voltmeters. They presented two methods for Tempest style eavesdropping of keyboards.
Continue reading “Black Hat 2009: Powerline And Optical Keysniffing”
Hardware Keylogger solutions has released the plans and files for their wireless logger. It has a range of about 50 yard between the transmitting dongle and the receiver. It is based around an Atmel AT91SAM7S64 and the PCB is pretty tiny. In case you hadn’t noticed yet, they sell them as well. The cool thing about this is that key data is transmitted in real time, allowing you to see it as it happens instead of having to go retreive the log physically like you used to.