I see a lot of ads these days for fancy mechanical keyboards from numerous brands, but the thing I always wonder about is: how do we know these keyboards dont have keyloggers or other spying tech built into them?

  • desktop_user
    1·
    5 days ago

    the USB suspend state could be used to detect when the computer is asleep which could help with getting the login credentials, but the attack would absolutely be tempermental and realistically just installing malware on the computer via the keyboard would be easier.

    • MajorHavoc@programming.dev
      2·
      4 days ago

      realistically just installing malware on the computer via the keyboard would be easier.

      Yeah. Opening a terminal and doing a web fetch to install some spyware is probably the most practical version of the potential attack.

      It would still, I think, be pretty noticable when it ran (just the first time).

      But you make a good point that the USB power state might a way to guess when the user is away.

      I think it could be done.

      For anyone reading along and worried, there’s still two bits of good news:

      1. If done at scale, I think this would get caught in the attempt often enough to make the evening news.
      2. The cost to install a chip this smart roughly doubles the manufacturing cost of the average keyboard. So it’s still not something a single bad actor at a manufacturer is likely to insert, today.
      3. There’s (probably) limited financial incentive on this one, while the average person’s data is already available for purchase - for cheap - online.