[unisog] Keyboard sniffers
Peter Van Epp
vanepp at sfu.ca
Mon May 2 23:11:12 GMT 2005
On Mon, May 02, 2005 at 04:36:20PM -0400, Valdis.Kletnieks at vt.edu wrote:
> On Mon, 02 May 2005 13:21:12 PDT, Brandon Enright said:
> > Unfortunately the AT-PS/2 interface is a non-plug-n-play legacy interface so you
> > aren't going to be able to receive a signal notifying you of the device being
> > unplugged or plugged in. One way to accomplish the detection would be to send
> > periodic commands to the keyboard and wait for the acknowledgement.
> You'd have to poll literally every few seconds - fast enough so you'll
> notice if somebody pulls the cable, pops a recorder on the end, and plugs
> it back in....
I'd expect Windows (where this will happen in BIOS) to be the main
problem. The Unixes (Linux and the BSDs) implement their own driver and it
will get (although it may not currenly log) the keyboard reset sequence when
the keyboard processor reconnects. However as Michael pointed out this is
defeated by powering down, inserting the key logger and powering up. You won't
be able to detect the key logger at that point and the software ones are as
much or more of a threat anyway..
Peter Van Epp / Operations and Technical Support
Simon Fraser University, Burnaby, B.C. Canada
More information about the unisog