Keyloggers and Signed Firmware

The recent blog post points out and reminds us of the complexity and the existence of re-writable firmware. It also mentions CRC as proof of secure data management. Well, I’m no expert but CRC just means reliable data integrity not security. Are the firmware updates pushed by WayTools cryptographically signed? If not, what prevents a hacker from pushing a malicious update into the keyboard with something like a keylogger or other sort of malware?

Based upon my reading of the blog I would guess they are not signed. A Yes or No on that would really help clear things up. Apparently Apple struggled with this since it took so long for them to allow third-party software keyboards (and then they are disabled in password fields).

3 Likes

Damn you @picree you just put another month on the delivery date.

Valid point though and well made.

2 Likes

Lol rolanbek beat me to it

1 Like

I actually thought about this same issue. Especially with a new company like WT. You’ve got a smart Bluetooth keyboard hooked up to a smartphone with an app that communicates with the keyboard. Collecting “usage data” would be a breeze.

Sorry! At this point, another month…eh…

Picree - couple of points for you -

The CRC as we mentioned it is for perfect integrity of the image, it’s not about security.

As to security against hackers, everyone must be humble today that nothing is perfectly impregnable against hack attack. That said, there are things we do that make this very difficult to compromise in practice.

One significant hurdle is that a hacker would have to reverse engineer the very complex internal workings of 4 very dense binary files in 4 separate computers. If they disturbed any one of them, the operation would go down. So if you tried to add a key logger to the internal code in the TextBlade, you’d have to know quite a bit about it not to break its operation.

The extent of debugging complexity even for our code authors is nontrivial, and has required the development of custom software tools to even be able to build it.

Second, as to the iOS app, Apple has strict controls and reviews to vet for malware.

So nothing is impenetrable, but an illicit key logger would be much harder to do on TextBlade, as compared with a conventional Bluetooth keyboard.

So it’s already quite a bit more secure than what folks are using right now.

1 Like

Sure, it certainly appears very difficult to do something like that; however, signing and verifying firmware has many security benefits (known and unknown). And true it’s probably easier to put a keylogger on the iPhone/iPad/Android rather than on the TextBlade (I suppose TextBlade could even be used with desktop systems). But once TextBlade leaves WT it is out of your control and presumed to be in a hostile environment. Eliminating the possibility for any tampering with the firmware would seem to be in WT’s best interest. Relying on security through obscurity is no real security at all.

And, sure Apple has layers of security as you point out but, comparatively, Android does not. This is also the crux of Bad USB. It’s also why Apple signs and verifies their updates making it very difficult to jailbreak or go back to old iOS versions.

How long after shipping this new and novel product do we really think it will take before some researcher or hacker tries to break into it, reverse engineer it, and do something nefarious? They LOVE doing that! Signing the firmware would certainly dissuade many attempts. Perhaps I will post a request in the Wish List category for future consideration. In this day and age it really is something that should be baked into the platform.

1 Like
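An added example, not part of the thread and not WayTools code, contrasting the CRC check discussed above with signature verification on a constructed firmware image. It assumes a Lamport one-time hash-based signature only because it fits in the Python standard library; a shipping device would more likely verify Ed25519, ECDSA or RSA, and all names here are hypothetical.

```python
import hashlib
import secrets
import zlib

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def crc_ok(image: bytes, crc: int) -> bool:
    """Integrity only: the CRC needs no secret, so anyone can recompute it."""
    return zlib.crc32(image) == crc

def digest_bits(image: bytes) -> list:
    """The 256 bits of SHA-256(image), most significant bit first."""
    d = sha256(image)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    """Vendor keeps priv; the device stores only pub. One key signs ONE image."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(sha256(a), sha256(b)) for a, b in priv]
    return priv, pub

def lamport_sign(priv, image: bytes) -> list:
    """Reveal one secret per digest bit."""
    return [priv[i][bit] for i, bit in enumerate(digest_bits(image))]

def signature_ok(pub, image: bytes, sig) -> bool:
    """Device-side check: each revealed secret must hash to the public value."""
    bits = digest_bits(image)
    return len(sig) == 256 and all(
        secrets.compare_digest(sha256(sig[i]), pub[i][bit])
        for i, bit in enumerate(bits))

def demo() -> dict:
    vendor_priv, device_pub = lamport_keygen()
    genuine = b"FW v1.0 (constructed sample image)"
    crc, sig = zlib.crc32(genuine), lamport_sign(vendor_priv, genuine)
    # A modified image ships with a freshly computed CRC, but whoever modified
    # it lacks the vendor's private key, so the old signature is all they have.
    tampered = genuine + b" +modified"
    new_crc = zlib.crc32(tampered)
    return {
        "genuine_crc": crc_ok(genuine, crc),
        "genuine_sig": signature_ok(device_pub, genuine, sig),
        "tampered_crc": crc_ok(tampered, new_crc),
        "tampered_sig": signature_ok(device_pub, tampered, sig),
    }

if __name__ == "__main__":
    print(demo())
```

The modified image passes the CRC check and fails only the signature check, which is the gap between integrity and authenticity raised in the first post.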

translation: No you are potentially vulnerable. but look shiny

I agree and I don’t believe it is as complex or obscure as WT believes. Thinking of the 4 node network they have in the TextBlade, most of it could be ignored and left to function as is. The only node I would think you would need to be concerned with is the Bluetooth node. It is the interface to the outside world for both OTA updates and keystroke information. There may even be testing routines embedded in the firmware that when activated act as a key logger. Since the TextBlade is designed to work with smartphones as well as desktops, it will not always be connecting to a device that lives in a walled garden. If hackers can figure out how to jailbreak an iPhone, they can figure out how to hack a TextBlade.

With their attention to detail, I am sure WT has worked through these scenarios. Given enough time and resources most anything can be hacked. It is the amount of time and resources needed that provides the level of security (i.e. a complex password vs. a 4 digit pin code). I just hope they are not relying too heavily on “if our developers have a hard time getting it to work, then it will be nearly impossible for anyone else” as their security protection. If they are, they may be thinking they have developed something with a complex password, when it may just be a 4 digit passcode.

This is all speculation and I am sure that WT will be able to describe the security they have designed and implemented to protect the TextBlade from malware and hackers. In most cases it would probably be easier to put a key logger on the host device, but that is not an excuse to be lax in security on an OTA updatable device.

One catchphrase: security by obscurity

That said, the attack cost looks fairly high. Way higher than Hillary’s emails.

3 Likes

Now that’s a lowball if I ever heard one.

you didn’t actually disagree…

Have you read the September 10th Nopdate?

Sorry… I took “put another month on” to mean “added a month to” rather than “put a different month on”.

Slightly off-topic, but as a non-native speaker I took it to mean exactly that, however mean that may sound. Could you explain the difference? (even if it’s just to pass the waiting time, however long or short may be left)

In colloquial English, “putting another on” can mean “adding to” as in “put another shrimp on the barbie, mate” or “I just put on another five pounds”. ( “Taking off” can mean subtracting, as well… “Take 50% off our already low price!”)

But it could also mean substituting a replacement, as in “I’m going to put another hat on”…when it would be more precise to say “I’m going to put a different hat on” (implying “… and remove the one I’m wearing”).
So “put another month on the delivery date” could mean either

date.month = date.month + 1

or

date.month = 2016.July

Basically “another” (“an other”) could mean either accumulation (“an additional”) or replacement (“a different”).

To make matters worse, in mid-20th century slang “You’re putting me on” means “You’re attempting to deceive me.”

Long live programmers’ explanations, much more fun to read it in computer logic + it can’t be faulted. Thanks a lot, always fun to learn about those fine differences.
*edit: the latter “you’re putting me on” is to me explained simply as power.mysensualside = 1 :wink:

As for key logging, Textblade does provide enough storage for inblade logging under certain circumstances. At some point there was even the suggestion of using that as an offline notepad solution. But that would need a lot of programming and hence time for quite a small target group (for now). On a slightly related note I’m more worried about sniffing of the Bluetooth signal, although I’m hoping (as a non-IT-professional) that BLE4 has some built-in solutions for that?

Hoping to be able to type stuff like this on keys instead of swiping on glass soon

BT LE security is a real concern. There was a thread about it early on - Bluetooth 4.0 Security Concern

WT is clearly putting a higher emphasis on battery life than on security. For me, traveling around the world and using open networks at Internet cafes and coffee shops, BT packet sniffing and the like are a real concern. One which WT has chosen one of the weakest BT protocols for (LE), just to make their 45min from E to F, last a month or more.

BT LE security is weakest while pairing but can easily be forced to re-pair at will by those capable of packet sniffing. Best method would be out of band pairing by either RFID or QR code. However, sadly, Apple does not support these methods of out of band pairing. (Out of band pairing means that the BT signal isn’t used for the transmission of the actual pairing code. Thus enabling a much higher level of security.)

I advocate the use of a QR code sticker stuck either to the packaging/literature, or on the bottom of the SpaceBlade, preferably removable, though a permanent option isn’t bad either. (This can either be done by laser or by printing with high bond inks.)

I’m perfectly willing to wait for strong BT security until after my TB can be OTA updated sometime in 2016.

5 Likes

If it comes to firmware updates, I recommend using some sort of user input at the keyboard to activate the update process. So for example: In order to transfer or activate a new firmware on the keyboard the user has to press 4 buttons simultaneously. This feature should be fairly easy to implement, but very effective. The user can be sure that without pressing the special key combination the firmware always stays the same.

It would be nice to see something like this implemented.

1 Like

2016 is become a year of amazing prediction. Will we look back at it now like we do at 2012 and think to ourselves “what was that all about”?

In 2016 I think my Textblade might be delivered by Amazon drone, to my robot butler, and I will use it to write my Nobel acceptance speech on the inaugural Cross-rail service.

typed on a wing and a prayer