Detecting a hardware keylogger

The constant threat: viruses, trojans, spyware, ... the list goes on

Detecting a hardware keylogger

Post by ampakine on Thu Jun 02, 2011 5:34 pm
([msg=58052]see Detecting a hardware keylogger[/msg])

I broke my laptop keyboard a while ago so I ordered a new one on ebay. Being the paranoid bastard that I am I wanna make sure that the seller didn't plant a keylogger on it. I forgot to physically inspect it before installing it and I don't feel like disassembling it again so what would be the easiest approach to determining if this keyboards keylogger free? I'm on ubuntu and I reinstalled it yesterday so there are only 3 or 4 programs I've installed on top of the default installation. Would the best approach be to use apparmor to find out what programs automatically communicate with external servers so that I can narrow it down and determine if there is any outbound traffic that isn't being send by any of the linux programs I have installed?
ampakine
Experienced User
Experienced User
 
Posts: 65
Joined: Tue May 31, 2011 5:21 pm
Blog: View Blog (0)


Re: Detecting a hardware keylogger

Post by Gatito on Thu Jun 02, 2011 9:20 pm
([msg=58061]see Re: Detecting a hardware keylogger[/msg])

ampakine wrote:I forgot to physically inspect it before installing it and I don't feel like disassembling it again

If you were really that paranoid you would disassemble it 3 times a day. If it bother you that much go buy a USB keyboard and use that, oh wait maybe that has a keylogger too so that won't do.

ampakine wrote:Would the best approach be to use apparmor to find out what programs automatically communicate with external servers so that I can narrow it down and determine if there is any outbound traffic that isn't being send by any of the linux programs I have installed?

Sounds like a solid plan, go for it!
User avatar
Gatito
Poster
Poster
 
Posts: 113
Joined: Tue Mar 08, 2011 12:55 pm
Blog: View Blog (0)


Re: Detecting a hardware keylogger

Post by neuromanta on Fri Jun 03, 2011 1:12 am
([msg=58064]see Re: Detecting a hardware keylogger[/msg])

If it is a hardware keylogger, then you won't detect it using software, or at least you can't detect it as a software. You could sniff your network communication stream, and look for any anomalies. But the best method is to disassemble the keyboard and reverse engineer it completely.
User avatar
neuromanta
Poster
Poster
 
Posts: 302
Joined: Mon Nov 30, 2009 9:29 am
Location: Hungary
Blog: View Blog (0)


Re: Detecting a hardware keylogger

Post by ampakine on Sat Jun 04, 2011 2:09 pm
([msg=58100]see Re: Detecting a hardware keylogger[/msg])

Gatito wrote:If you were really that paranoid you would disassemble it 3 times a day. If it bother you that much go buy a USB keyboard and use that, oh wait maybe that has a keylogger too so that won't do.

lol. I'm not quite that paranoid. Unless I've stayed up 3 days on meth.

neuromanta wrote:If it is a hardware keylogger, then you won't detect it using software, or at least you can't detect it as a software. You could sniff your network communication stream, and look for any anomalies. But the best method is to disassemble the keyboard and reverse engineer it completely.

I love reverse engineering stuff so I might just do that. I've taken apart keyboards before, they're extremely simple so it would be easy to spot something that doesn't belong. Only objection I have to this is I usually brake things when I take them apart. Its those ribbon cables. They're a bastard to get back into the slot and so easy to snap.
ampakine
Experienced User
Experienced User
 
Posts: 65
Joined: Tue May 31, 2011 5:21 pm
Blog: View Blog (0)



Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests