We can't trust manufacturers not to build keyboards with undetectable hardware keyloggers now and in the future because the NSA has plenty of money. I say this idea isn't new to them at all and I hope that people in the future will keep taking the different models apart to hack around.
Keyloggers inside everyone's keyboard could be useful to the NSA and FBI who could pay companies to bake them in. When you're suspected of a serious crime for example or you get into serious trouble, you could get your storage devices taken away. Encrypted or not, your keyboard could then reveal passwords if it's the correct model. This even breaks forward secrecy. These tiny computers inside keyboards meant to control light flashing, sound, card reading, and more could possibly also control which keys to record and what to throw away based on repetition... if the keylogger's space is limited. Keylogger functionality can be massive, they can use compression or run through the text file it generated over the years, keep one copy of repeated phrases, and throw away the rest. An attacker could possibly talk to your keyboard through your computer if it runs systemd or Windows assuming the interface to the keylogger can be that convenient.
view the rest of the comments →
[–] dabork 0 points 12 points 12 points (+12|-0) ago
Lol "look for keyloggers". What do you think it's going to look like? A big black box inside your keyboard that says "KEYLOGX 2.2.3" ?
If they do bother to install a hardware keylogger, it would look just like a boring circuit board that you would have no way of knowing isn't vital to the keyboard without extensive knowledge. Hell, they could probably just integrate it into the circuit board that already exists to interpret the keys you press, and aside from maybe an extra chip on the board, there would be nothing notable to see. More likely is that somebody, either the government or the manufacturer, slips a keylogger into the driver itself. Hardware keyloggers are easier to use because they don't require you to beat an anti-virus or user competency, but they only work until they are found and then they are permanently broken, they also come with much less deniability. If someone ever found a hardware keylogger in any major brand's keyboards, it would literally ruin them. But a software keylogger can always be written off as a virus or a compromised system like what happened with the Ubuntu ISOs that were posted on their official site and came with some pretty serious malware. A software keylogger is more difficult, but harder to fully remove because software can be self-replicating and constantly changing itself.
[–] Lopsid [S] 0 points 2 points 2 points (+2|-0) ago (edited ago)
My initial thought was anything with a chip is a candidate for inspection.