Schneier on Security
A blog covering security and security technology.
« Disarming Soldiers |
| Speeding Ticket Avoidance »
June 20, 2005
Dell Keyboard Loggers
Many people have sent me the story about Dell Computers selling machines with hardware keyboard loggers built in. The story was scant on details, and smelled like a hoax to me. Snopes has weighed in; they believe it's a hoax too.
Posted on June 20, 2005 at 4:30 PM
• 19 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
The Snopes webpage links to further info on Key Loggers in relation to where the images for the original hoax came from. This link will try infect your computer with JS_FORTNIGHT so be careful.
Its an obvious hoax to the extent that no laptop vendor would add 20c to the cost of laptop if they could help it, let alone many tens of dollars.
If they wanted to log the keystrokes, they would just reprogram the keyboard controller BIOS instead. Why add extra hardware when there is a 16 bit RISC core between all local keyboard and mouse actions and the main CPU. If they did that, there is nothing to find unless you disassemble the bios and find the KBC code (its in the same bit of flash, just a different assembler)
The text in the hoax seems to be copied from the same page as the image was copied from. This is very revealing seeing that both texts incorrectly label the PIC microcontroller as beeing a "programmable interrupt controller", obviously another meaning of the acronym PIC (but not correct in this case).
1. Would anyone smart enough to know what a keylogger is - much less understand the technical details here - actually fall for this?
2. Someone obviously went to some trouble to fake this. What possible reason could there be?
That's also not the DHS logo, I'm told.
Methinks someone had a negative Dell experience and is now out for some revenge. Or, it could just be for fun. Either way, I hate people who commit hoaxes. I like to know if something is real or not, without analysis.
If Dell wanted to commit some sort of fraud, wouldn't it be easier for them to use your credit card info? After all, you gotta buy a Dell using a credit card, don't you?
--- Dude, you got a Dell!
Wagering 1000 Quatloo's that it's a hoax... 1) A typical laptop's internal keyboard interface is a ribbon with about 32 lines, not a round cord.
2) A well-made laptop will not often have enough spare room inside for an extra lump of circuitry of the type described.
The other poster was on the money; it'd be massively easier to rewrite the keyboard controller's logic to accomplish logging. And, it could be installed/removed in the field without the user's knowledge.
Then there is the whole concept of, why is DHS only interested in logging the keystrokes of Dell users. Don't terroritsts use any other brand?
Going back a couple weeks to the entries on equating encryption with criminal intenet, one would assume terrorists prefer Macintosh, with it's built-in PGP.
And here we realise Bruce is just human! for fu**s sake can we have some proper leadership! this is turning into sloashdot!
I think I have a keyloger in my laptop. I opened it up and I have one of those ribbon cables, not like what the hoax has, and it goes to one of those keyboard controllers. I checked the chip number on google, and that's what it is. I might be ok because its not a dell. Do only dell machines have keyboard controllers? I don't want the departmont of homeland security reading my irc? Should I be running linux, is that better?
Dude, the keyboard controller is necessary for your keyboard to work. the other fellow was saying that it would be easier to create a keylogger innnntegrated in the controller than the on a chip like sown in te story.
I had a keylogger on my DELL but it came from a SONY CD_EXTRA CD by SPECIFIC HARM RECORDS INC which also installed AOL, downloaded cRAP MP3's, stole passwords, and deleted experimentally synthesized music files.
Don't BUY anything from SONY.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.