Re: [dm-crypt] avoid keyloggers: enter password with mouse (virtual keyboard)

[Arno Wagner <arno@wagner.name>]

On Wed, Apr 14, 2010 at 03:11:50PM +0200, Olivier Sessink wrote:
> 2010/4/13 Milan Broz <mbroz@redhat.com>:
> > On 04/13/2010 09:38 PM, Heinz Diehl wrote:
> >> On 13.04.2010, Arno Wagner wrote:
> >>
> >>> If he has a hardware Keylogger on his system, somebody
> >>> did physically manipulate his machine and all bets
> >>> are off anyways.
> >>
> >> Of course.
> >>
> >> So this boils down to the fact that a software keyboard is useless :-)
> >> If somebody had physical access to the machine, there will be no
> >> way to detect any backdoors, and if somebody had been able to install a
> >> software keylogger, this person has already gained root access to the machine
> >> and could simply have read the master key from memory or whatever, you
> >> name it.
> >
> > I just remember schoolbook example with "software keyboard" where
> > such keyboard was used to enter PIN using mouse.
> >
> > Instead of sending the key scan code back to hidden logger program,
> > it simply send rectangular areas on screen (screenshot) centered to
> > mouse clicks...
> > So attacker can easily read pin code from these few-bytes small pictures
> > of visual keyboard:-)
> 
> 1) a hardware keylogger costs about $100,-, can be ordered on many
> places, and requires no technical expertise whatsoever. A hardware
> keylogger is 100X easier than software modifications, or a
> hardware-mouse-sniffer (I've never seen them)

It is also about 10'000 times easier to find. 

> 2) we have protected ourselves from software modifications already
> (boot from USB). So a hardware keylogger is our biggest threat.

As an attacker with physical access can modify your boot
USB device contents or replace the device in the first place.
Adding a software keyboard sniffer is easy with that.

> 3) most virtual keyboards I have seen are randomly positioned on the
> screen, so you really need a well-positioned camera to capture the
> password (which, again, is much more complex than a hardware
> keylogger, requires a lot of technical expertise).

But physically getting to your computer to place, and, more important
later retrieve, a hardware keylogger is easy? 

I still think your security analysis is invalid. For example, why 
not attach the keyboard cable in such a way that placing a hardware 
keylogger in it gets very hard, e.g. needs cable cutting? If your 
attackers have no technical expertise, that would reliable defeat 
them. This can be as easy as gluing the keyboard connector in, or 
fixing it in place with hard to open cable ties.

Maybe tell us a bit more about your scenario?

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier