Potential solutions for PHUKD

[nihil]

Hi, and welcome to AO,

The subject of hardware security risks and potential attack vectors has been discussed on this forum before.

The simplest remedy is to use a laptop and secure it when not in your physical possession.

Now, let's look at some real life reasons why this sort of attack is totally impractical?

1. You would need fairly sophisticated electronics engineering skills, as you would have to modify the keyboard hardware. That is not as easy as it seems as nobody ever learns how to repair them or how they work.........you just replace them when they go wrong. You would also need a good knowledge of firmware programming and implementation.

2. You would need to know the exact make and model of keyboard, as even the most moronic of users is likely to notice if it changes without them complaining several times to IT support (that's real life!).

3. Even if you could find that information, it doesn't take long for a keyboard to get personalised.............little marks, coffee stains, sticky keys. This one, for example has half of one character symbol missing and no legs, just two port wine corks superglued to its base, and one of the rubber feet is missing so it has a slight but very distinctive wobble. Please do not underestimate how observant people are if they think that someone has been messing with "their" computer or keyboard!

4. All of #2 and #3 would require physical access, as would substituting the keyboard........and just how would you get that past the scanners? It would have to be an inside job by someone authorised to be in the right place at the right time. Anyways, as I look at the 4 keyboards around me, there is only one you would have a hope of recognising the maker (it says "Logitech" on it), and without that information, how would you find a replacement to modify?

5. What about physical security measures such as surveillance cameras, access control, and the good old lock and key. For example, when I worked in the defence sector, you removed the removable HDD caddy from your PC and locked it in a secure, fireproof safe, then locked your office/project room door..........even to go for a p1$$. In case you are wondering, you cleaned your own office.

Another one I have used is the employee tracking device..........your location and movements are logged when you pass through an access control point. In that case the issue wasn't security but employer's accountability in case of a fire or other emergency, but the principle holds.

6. Such an attack would have to be targeted, so that would greatly narrow the opportunity for access. It isn't like dumping a poisoned stick drive in the parking lot

7. How would you get the data out?.......other than repeated physical access, which I have already mentioned, it would have to be through WiFi, which is currently detectable, or through the network, which should be monitored. I also wonder if the device would show up as being in promiscuous mode?......probably not?

All taken into consideration, I would say that the "risk" lives in the minds of those in ivory towers rather than in the real world.

Now, where do I see more serious hardware attack vector risks. Well, just about all your peripherals have firmware that can be flashed.........I know that there is supposed to be "secure" hardware, but I still wonder?

The advantage that would have is that it could be done remotely or with no physical signs............difficult if external media are disabled? And you wouldn't need to be an electronics engineer.

There still remains the problem of avoiding traffic detection though.

Just a few thoughts

P.S. I know that you can purchase physical keylogging boards, but they wouldn't match what they replaced, and they are quite easy to detect.

EDIT:

On further reflection, the device is really only a keylogger with possibly screen capure capabilities. Depending on the environment it would probably take a very long time to gather anything useful, particularly as you wouldn't know what the target was going to be looking at or working on at any point in time?