1

is it possible for my keyboard, a Logitech G910 Orion Spark to get infected with a virus or a keylogger after a friend used it to type in his log in password? his laptop's built in keyboard wasnt working so he used mine merely to type in his password then he unplugged it (he only wanted to watch some youtube vids and only needed his mouse for that). my question is, since this is a mechanical keyboard with on board memory and macro capabilities, is it possible that it got infected in that short time frame? what are the odds of that? shouldnt the potential exploit have to be specifically coded to infect this specific product? if its possible to infect, how does one check and by extension how does one remove the potential exploit? i havent seen any signs, im just paranoid about stuff like this and wish to make sure.

BlueWreck
  • 11
  • 2
  • I suspect not - there's more detail in what I would think was a duplicate: http://security.stackexchange.com/questions/39437/can-i-use-the-same-keyboard-on-both-my-infected-and-non-infected-computers – davidsheldon Aug 26 '16 at 15:46
  • i saw this post, but i was wondering if the fact that my keyboard has on board memory and is capable of storing macros makes a difference so i decided to make a fresh thread – BlueWreck Aug 26 '16 at 15:57

2 Answers2

2

In fact, this is possible and Logitech peripherals have been used to attack machines, or to move malware from one host to another. Time doesn't really matter, because an infected PC can flash a hardware device in seconds (probably less).

Though I think it is highly unlikely you have been infected, for two reasons:

  1. This type of expolit has not been seen on mass scale (yet) and has primarily been a topic of studies.
  2. In addition to that, the malware must have been on the PC in the first place, and should have been capable of infecting you keyboard without any firmware corruption. This requires skills and a highly sophisticated piece of malware.

From what I gather, I don not think you have anything to worry about.

Update:

Like you said, a keyboard firmware will likely whipe the ROM.

Yorick de Wid
  • 3,356
  • 15
  • 22
  • i updated the firmware of my keyboard right after i connected it back to my own pc which i know is clean in the hopes that i could overwrite whatever potential changes were made to my keyboard's firmware. was that the right move? or didn't it even matter. anyhow, basically you are saying that the chances of my device getting infected is slim to none? Thanks for the reply btw, really appreciated. – BlueWreck Aug 26 '16 at 15:51
  • @BlueWreck As a reference, I'd suggest the original paper https://www.usenix.org/system/files/conference/woot14/woot14-maskiewicz.pdf – Yorick de Wid Aug 26 '16 at 15:55
  • when you say "a keyboard firmware will likely whipe the ROM." you mean the firmware update would likely remove whatever the infected pc could have potentially changed? – BlueWreck Aug 26 '16 at 16:04
1

It is highly unlikely, and yes it would have to be tailored to the device. I'd like to point you to Karsten Nohl's BadUSB attack, the code for which has been public for almost 2 years now. The bad news is; you can't really reliably detect it. The good news, because it's so obscure it's only doable for governments and large companies to build malware for it. So the chance is not quite zero, but not enough to worry about.

J.A.K.
  • 4,783
  • 13
  • 30
  • i see. thanks for the reply. would a firmware update of my device potentially overwrite whatever changes/piece of code that could potentially have been injected? the laptop was something he hasnt used for over 2 years(almost everything should be out of date). (his current one went in for repairs and he wanted to watch some vids so he pulled out the old laptop) – BlueWreck Aug 26 '16 at 16:25