Keyboard Security

The $1399 funding option and above (librem 5) say that a keyboard and a mouse are included. This made me question the security of any keyboard, and if yours are checked for malicious software in it.

I may understand this wrong, (I’m not a tech guy) but if any hardware can have software in it, does this theoretically mean that a keyboard you buy can compromise your security by recording logs (key hits & patterns) and then send them over to a server?

Thank you

2 Likes

Attacks have been demonstrated that used keyboard firmware.

i don’t know of any cheap wired keyboards that have chips that can be compromissed in such ways as you describe.
perhaps in order to exploit a keyboard like that you need a model that is wireless and has additional macro or programability functions onboard like many of the GAMER oriented brands that come with proprietary 3d party installs for rgb/profiles/scripts/on-board memory etc. in short we have to be specific about what the actual TYPE of keyboard it is.

That does not mean that such keyboards do not exist.

No, a keyboard does not need to be a wireless keyboard or a gamer keyboard in order to be exploitable. See Chen’s paper, via the link above.

so it is - hacker > keyboard > pen > sword
so who hacks the hacker ? brain-computer-interface ?

Logitech’s Unifying is totally compromised. Don’t use wireless anything.

[citation needed] but, here, I’ll give you a citation, complete with CVEs: https://www.bleepingcomputer.com/news/security/logitech-unifying-receivers-vulnerable-to-key-injection-attacks/

That’s probably a bit strong but for sure wireless is an additional exposure that wired doesn’t have.

However that wasn’t actually the original question. The original question was about attacks against the firmware of the keyboard, not attacks against the over-the-air protocol. The original question applies as much to wired keyboards as it does to wireless keyboards.

It isn’t entirely clear whether the specific referenced keyboard (part of the $1399 phone + 24" monitor bundle) is wired or wireless but I would lean towards wired.

wireless would healthier if it was unidirectional instead of omni-directional as is the case with unifying receivers and the like … until then i prefer wired for less radio interference …