It seems that will be no rest in store for the Apple guys in the coming days.
Just last week, Apple had their hands full in fixing a critical bug that made iPhones susceptible to attacks carried out via SMS. Now, MacWorld reports another Apple device vulnerable to attacks. This time, its their keyboards.
The vulnerability was discovered by K. Chen, and he gave a talk about it at the Blackhat. He demonstrated that a malware that keeps track of what users type – popularly known as a keylogging application – could be installed in the keyboards, via their firmware. Hackers and scammers use this to retrieve passwords entered by a user.
Apple’s keyboards (both laptop and iMac keyboards) has about 8K of flash memory, and 256 bytes of working ram. This is enough space for a keylogging program to be installed.
And the worst part is, the keylogger is virtually undetectable even with the use of malware-scanning tools since the malware is not in the hard drive.
This is clearly a huge security problem that Apple needs to address; otherwise, I won’t be surprised to find more news about scams and hacks done through this vulnerability, splattered on the Web.