I see a lot of ads these days for fancy mechanical keyboards from numerous brands, but the thing I always wonder about is: how do we know these keyboards dont have keyloggers or other spying tech built into them?

  • MajorHavoc@programming.dev
    2·
    4 days ago

    realistically just installing malware on the computer via the keyboard would be easier.

    Yeah. Opening a terminal and doing a web fetch to install some spyware is probably the most practical version of the potential attack.

    It would still, I think, be pretty noticable when it ran (just the first time).

    But you make a good point that the USB power state might a way to guess when the user is away.

    I think it could be done.

    For anyone reading along and worried, there’s still two bits of good news:

    1. If done at scale, I think this would get caught in the attempt often enough to make the evening news.
    2. The cost to install a chip this smart roughly doubles the manufacturing cost of the average keyboard. So it’s still not something a single bad actor at a manufacturer is likely to insert, today.
    3. There’s (probably) limited financial incentive on this one, while the average person’s data is already available for purchase - for cheap - online.