Detecting a hardware keylogger

[ampakine]

I broke my laptop keyboard a while ago so I ordered a new one on ebay. Being the paranoid bastard that I am I wanna make sure that the seller didn't plant a keylogger on it. I forgot to physically inspect it before installing it and I don't feel like disassembling it again so what would be the easiest approach to determining if this keyboards keylogger free? I'm on ubuntu and I reinstalled it yesterday so there are only 3 or 4 programs I've installed on top of the default installation. Would the best approach be to use apparmor to find out what programs automatically communicate with external servers so that I can narrow it down and determine if there is any outbound traffic that isn't being send by any of the linux programs I have installed?

[Gatito]

I forgot to physically inspect it before installing it and I don't feel like disassembling it again

If you were really that paranoid you would disassemble it 3 times a day. If it bother you that much go buy a USB keyboard and use that, oh wait maybe that has a keylogger too so that won't do.

Would the best approach be to use apparmor to find out what programs automatically communicate with external servers so that I can narrow it down and determine if there is any outbound traffic that isn't being send by any of the linux programs I have installed?

Sounds like a solid plan, go for it!

[neuromanta]

If it is a hardware keylogger, then you won't detect it using software, or at least you can't detect it as a software. You could sniff your network communication stream, and look for any anomalies. But the best method is to disassemble the keyboard and reverse engineer it completely.

[ampakine]

If you were really that paranoid you would disassemble it 3 times a day. If it bother you that much go buy a USB keyboard and use that, oh wait maybe that has a keylogger too so that won't do.

lol. I'm not quite that paranoid. Unless I've stayed up 3 days on meth.

If it is a hardware keylogger, then you won't detect it using software, or at least you can't detect it as a software. You could sniff your network communication stream, and look for any anomalies. But the best method is to disassemble the keyboard and reverse engineer it completely.

I love reverse engineering stuff so I might just do that. I've taken apart keyboards before, they're extremely simple so it would be easy to spot something that doesn't belong. Only objection I have to this is I usually brake things when I take them apart. Its those ribbon cables. They're a bastard to get back into the slot and so easy to snap.