Mr. Chen also explained that he had been working with Apple to come up with a solution, but that he feared Apple may be selecting the weaker fix by only blocking future revisions of Mac OS X from infecting the keyboard. This would not prevent the keyboard from being hacked by another computer running something other than the latest version of Mac OS X nor does it guarantee that a patched Mac OS X computer can’t bypass the proposed protections. The cleaner solution Mr. Chen is proposing is that Apple should simply lock the Keyboard firmware from any future modifications since the keyboard doesn’t implement any digital signature protection.Full details at Digital Society.
I asked Mr. Chen why Apple would leave the firmware open and he explained that Apple had a tendency to rush hardware to market which has resulted in shipped keyboards with flaws that needed firmware updates. But because the keyboards are already more mature today; perhaps it wouldn’t be a bad idea for Apple to lock in the firmware.
Hacker finds critical exploit in Apple Keyboard
Posted on Sunday, Aug 02 2009 @ 23:26 CEST by Thomas De Maesschalck