Bruce Schneier
Schneier on Security

A blog covering security and security technology.

June 20, 2005

Dell Keyboard Loggers

Many people have sent me the story about Dell Computers selling machines with hardware keyboard loggers built in. The story was scant on details, and smelled like a hoax to me. Snopes has weighed in; they believe it's a hoax too.

Posted on June 20, 2005 at 4:30 PM • 18 Comments

The Snopes webpage links to further info on Key Loggers in relation to where the images for the original hoax came from. This link will try to infect your computer with JS_FORTNIGHT so be careful.

Posted by: Declan Lynch at June 20, 2005 5:05 PM

If you need a working mirror, I've had this up for a few days at http://www.ioerror.us/wp-content/dell-keylogger/ and unlike the other mirrors, it isn't going anywhere, and it doesn't contain any spyware.

Posted by: IO ERROR at June 20, 2005 5:26 PM

It's an obvious hoax to the extent that no laptop vendor would add 20c to the cost of a laptop if they could help it, let alone many tens of dollars. If they wanted to log the keystrokes, they would just reprogram the keyboard controller BIOS instead. Why add extra hardware when there is a 16 bit RISC core between all local keyboard and mouse actions and the main CPU? If they did that, there is nothing to find unless you disassemble the BIOS and find the KBC code (it's in the same bit of flash, just a different assembler).

-steve

Posted by: Steve Loughran at June 20, 2005 5:43 PM

The text in the hoax seems to be copied from the same page as the image was copied from. This is very revealing seeing that both texts incorrectly label the PIC microcontroller as being a "programmable interrupt controller", obviously another meaning of the acronym PIC (but not correct in this case).

Posted by: kju at June 20, 2005 5:50 PM

1. Would anyone smart enough to know what a keylogger is - much less understand the technical details here - actually fall for this?
2. Someone obviously went to some trouble to fake this. What possible reason could there be?

Posted by: Francois Kashy at June 20, 2005 6:38 PM

Methinks someone had a negative Dell experience and is now out for some revenge. Or, it could just be for fun. Either way, I hate people who commit hoaxes. I like to know if something is real or not, without analysis.

Posted by: x at June 20, 2005 7:42 PM

It's a hoax. See http://www.engadget.com/entry/1234000317047049/

Posted by: dil at June 20, 2005 11:39 PM

If Dell wanted to commit some sort of fraud, wouldn't it be easier for them to use your credit card info? After all, you gotta buy a Dell using a credit card, don't you?

---
Dude, you got a Dell!

Posted by: steve at June 21, 2005 2:34 AM

The Department of Homeland Security's letter is false too:

* Original letter (page 1): http://rawstory.com/images/new/homelandletter.gif
  The false letter's header and bottom (near signature) have a font different from the body letter.
* http://rawstory.com/exclusives/byrne/homeland_security_responds_jeff_gannon_404.htm

Posted by: Gustavo Bittencourt at June 21, 2005 6:27 AM

Wagering 1000 Quatloos that it's a hoax...

1) A typical laptop's internal keyboard interface is a ribbon with about 32 lines, not a round cord.

The other poster was on the money; it'd be massively easier to rewrite the keyboard controller's logic to accomplish logging. And, it could be installed/removed in the field without the user's knowledge.

Posted by: Gary at June 21, 2005 6:31 AM

Then there is the whole concept of, why is DHS only interested in logging the keystrokes of Dell users. Don't terrorists use any other brand? Going back a couple weeks to the entries on equating encryption with criminal intent, one would assume terrorists prefer Macintosh, with its built-in PGP.

Posted by: Probitas at June 21, 2005 8:16 AM

And here we realise Bruce is just human! For fu**s sake can we have some proper leadership! This is turning into Slashdot!

Posted by: Anonymous at June 21, 2005 2:40 PM

The images for the article were pulled right off of http://www.dansdata.com/keyghost.htm

Posted by: Anonymous at June 21, 2005 3:07 PM

I think I have a keylogger in my laptop. I opened it up and I have one of those ribbon cables, not like what the hoax has, and it goes to one of those keyboard controllers. I checked the chip number on Google, and that's what it is. I might be ok because it's not a Dell. Do only Dell machines have keyboard controllers? I don't want the Department of Homeland Security reading my irc? Should I be running Linux, is that better?

Posted by: Bugged? at June 22, 2005 7:44 PM

Dude, the keyboard controller is necessary for your keyboard to work. The other fellow was saying that it would be easier to create a keylogger integrated in the controller than on a chip like shown in the story.

Posted by: truthseeker at October 12, 2005 2:27 AM

I had a keylogger on my DELL but it came from a SONY CD_EXTRA CD by SPECIFIC HARM RECORDS INC which also installed AOL, downloaded cRAP MP3's, stole passwords, and deleted experimentally synthesized music files. Don't BUY anything from SONY.

Posted by: keylogged at June 12, 2006 2:50 AM
Powered by Movable Type 3.36. Photo at top by Steve Woit.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.