I just got a cheap second-hand magic keyboard (Apple). Is there any way to check if it's been key logged? I cannot see any screws or openings other than the one for the battery pack.
Asked
Active
Viewed 1,108 times
0
-
2This seems like an incredibly unlikely risk for the average person buying a second-hand keyboard from a random third party. In order to recover keystrokes, the attacker would require either physical access to the keyboard (or at least ongoing proximity to it), and to accomplish this in the first place would likely require an uncommon level of expertise and motivation. Do you have any reason to suspect that you, specifically, would be targeted for this kind of attack? If not, this kind of threat likely ranks pretty close to the bottom of things to be worried about. – Stephen Touset May 10 '18 at 21:27
-
Well, I guess being involved with digital assets made me paranoid. I could be a possible target as I am working for a fund investing in blockchain+emerging tech and being quite public about it on social media. – Ana-Maria May 10 '18 at 21:38
-
3If it's something you genuinely think you should be concerned about, then buying equipment first-hand and sealed directly by the manufacturer is going to be worth far more than the difference in price over secondhand, even if only for peace of mind. – Stephen Touset May 10 '18 at 21:45
-
That said, unless you have a reason to believe the person you bought the keyboard from knows this about you and premeditated the sale for this reason... I think this is a highly unlikely threat vector. – Stephen Touset May 10 '18 at 21:49
-
And there are ways to [install a keylogger](http://www.blackhat.com/html/bh-usa-09/bh-usa-09-archives.html#Chen) in firmware, without any physical modification. – user71659 May 11 '18 at 01:33
-
Ah fair enough, I guess there's no need to worry. Yeah, I usually get all my hardware sealed by the manufacturer. Thanks to all – Ana-Maria May 11 '18 at 09:32
1 Answers
1
This would be practically impossible. Off course, you could open it up and see if there's any strange looking components who doesn't seem to belong there. But how would one tell what's legitimate and what's not? Plus, the keylogger could be in the firmware, meaning it's not hardware and can't be seen directly.
That it's a Bluetooth keyboard makes the situation a bit special. An ordinary hardware keylogger would probably be attached to the cable going from the circuit board out of the keyboard. That makes it a bit easier to detect. But you can't install something like that on a wireless keyborad since there is no cable. That makes it much harder to install a keylogger, but also much harder to detect one if it's installed.
But in the end, the likelihood that your second hand keyboard would contain malware is small. Unless you have some specific reason to believe you may be under a serious targeted attack, you probably shouldn't worry to much about it. Chanses are there are bigger risks elsewhere to care about first.
But if the risk do bother you, your best bet is to by a new keyboard rather than examining the second hand one.
TL;DR: You can't really check if it's been keylogged, but in practice you don't really need to anyway.
Anders
- 64,406
- 24
- 178
- 215