13

I have a computer which is virus infected. Can I use the same keyboard on both it and a "safe/clean" computer without fear?

Keyboards these days seem to come with built in software and thus must have a small amount of memory... right?

tylerl
  • 82,665
  • 26
  • 149
  • 230
Jenny
  • 443
  • 1
  • 5
  • 9
  • As usual the answer depends a lot on the scenarios you want to protect against. Suppose you have an evil maid attack in mind, it's well possible that a keyboard could be tampered with. Another aspect that no other answer seems to have considered are devices posing as HID devices (including a physical keyboard which was modified by an attacker) _and also_ as storage devices, perhaps even only after a certain key combination was pressed. Consider [The Glitch](http://theglitch.sourceforge.net). Small enough to implant into a "mouse". – 0xC0000022L Dec 29 '20 at 00:29

3 Answers3

17

An USB device necessarily has some circuitry to implement the USB protocol: enough to identify itself as a keyboard, negotiate some current to draw from the host, and send key press/release events. This means that there is, in the keyboard, some skeletal CPU with its software (often dubbed "firmware"). Correspondingly, this is potentially hackable.

In particular, some keyboards have upgradable firmwares, so some malware on a machine could send a malicious upgrade to the keyboard, contaminating it permanently. This has been demonstrated for an Apple keyboard (not a gaming keyboard with an open API for running custom application, just a regular keyboard): a malicious firmware upgrade which embeds a keylogger in the keyboard itself. The really nasty part of the demo is that a firmware upgrade, by nature, is written to some sort of permanent storage (EEPROM or Flash), so it will resist poweroff states.

Conversely, if a keyboard firmware is not upgradable, then it probably is incapable (physically) of retaining any altered data when power is cut. Such a keyboard would be safe to exchange between an infected and a non-infected machines -- as long as it is not a wireless keyboard, because these ones have batteries.

However, how would you know if your keyboard firmware can be reflashed ? It is rarely documented...

Probability of keyboard-transmitted infection is still low; I have not heard of any case beyond the Apple keyboard demo. However, you've been warned.

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
  • I agree with your facts, but I think the probability is so low that it is equal in probability of any other random 0-day infection, and as such, is equal in risk to assuming that it is not infected (until proven otherwise). The keyboard and mouse SHOULD be the #1 places malware should seek to migrate. It's one place that would survive being 'nuked from orbit' and reinfect a re-imaged/rebuilt machine as well as transmission to other machines. The fact there is not more awareness of these types of hardware infections means it would take an especially vulnerable piece of hardware. – schroeder Jul 24 '13 at 21:59
  • 1
    One way to confirm if your keyboard could be reflashed would be to open it up and check if it contains flash memory; if it doesn't, it can't be flashed; if it does, maybe. (Microchips are generally identified by writing on top which can be looked up to see what the chip is.) – derobert Jul 30 '13 at 19:35
7

Keyboards typically do not have any software or memory. There are a few rare exceptions, such as the Logitech G19 gaming keyboard which has a little computer built into it to run applications, but for a typical USB (or P/S 2) keyboard, you have nothing to fear.

Xander
  • 35,616
  • 27
  • 114
  • 141
  • 2
    +1 You brought a good point with the Logitech G19 and its likes. It would be interesting to see if they're exploitable in a way to carry malware. – Adi Jul 23 '13 at 20:53
  • 1
    @Adnan Anything is exploitable. ;) – Steve Jul 23 '13 at 21:21
  • 1
    Tom Leek's answer contradicts this one, and his answers broadens a lot the keyboards targets (ie, that USB keyboards could be infected by a payload via firmware update [of the part handling USB protocol]. And that payload could be a keylogger, or almost anything else) – Olivier Dulac Jul 24 '13 at 09:08
5

All USB devices have software of one sort or another, but typically this software is not modifiable once the device leaves the factory, and certainly not over the USB wire.

Some less-common keyboards have upgradable firmware, but this is the exception rather than the rule.

Most wireless keyboards in particular don't even support bi-directional communication; the keyboard has a transmitter only, no receiver (which is why they don't have num lock, scroll lock, and caps lock lights). Though it is technically possible for the transmitter dongle to have some amount of programmable memory.

Certainly the cheaper the keyboard, the less likely it is to have sufficient hardware to be exploitable.

tylerl
  • 82,665
  • 26
  • 149
  • 230