This website does readability filtering of other pages. All styles, scripts, forms and ads are stripped. If you want your website excluded or have other feedback, use this form.

Schneier on Security: Dell Keyboard Loggers

success fail Jul JUL Sep 14 2006 2007 2010 70 captures 23 Jun 2005 - 16 Jan 2018 About this capture COLLECTED BY Organization: Internet Archive The Internet Archive discovers and captures web pages through many different web crawls. At any given time several distinct crawls are running, some for months, and some every day or longer. View the web archive through the Wayback Machine. Collection: nsdlweb this data is currently not publicly accessible. TIMESTAMPS

Bruce Schneier

Home

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

Computer Security Articles

News and Interviews

Speaking Schedule

Password Safe

Cryptography and Computer Security Resources

Contact Information

Schneier on Security

A blog covering security and security technology.

« Disarming Soldiers | Main | Speeding Ticket Avoidance »

June 20, 2005

Dell Keyboard Loggers

Many people have sent me the story about Dell Computers selling machines with hardware keyboard loggers built in. The story was scant on details, and smelled like a hoax to me. Snopes has weighed in; they believe it's a hoax too.

Posted on June 20, 2005 at 04:30 PM

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

The Snopes webpage links to further info on Key Loggers in relation to where the images for the original hoax came from. This link will try infect your computer with JS_FORTNIGHT so be careful.

Posted by: Declan Lynch at June 20, 2005 05:05 PM


If you need a working mirror, I've had this up for a few days at [web.archive.org] and unlike the other mirrors, it isn't going anywhere, and it doesn't contain any spyware.

Posted by: IO ERROR at June 20, 2005 05:26 PM


Its an obvious hoax to the extent that no laptop vendor would add 20c to the cost of laptop if they could help it, let alone many tens of dollars.

If they wanted to log the keystrokes, they would just reprogram the keyboard controller BIOS instead. Why add extra hardware when there is a 16 bit RISC core between all local keyboard and mouse actions and the main CPU. If they did that, there is nothing to find unless you disassemble the bios and find the KBC code (its in the same bit of flash, just a different assembler)

-steve

Posted by: Steve Loughran at June 20, 2005 05:43 PM


The text in the hoax seems to be copied from the same page as the image was copied from. This is very revealing seeing that both texts incorrectly label the PIC microcontroller as beeing a "programmable interrupt controller", obviously another meaning of the acronym PIC (but not correct in this case).

Posted by: kju at June 20, 2005 05:50 PM


1. Would anyone smart enough to know what a keylogger is - much less understand the technical details here - actually fall for this?

2. Someone obviously went to some trouble to fake this. What possible reason could there be?

Posted by: Francois Kashy at June 20, 2005 06:38 PM


That's also not the DHS logo, I'm told.

Posted by: Randall Munroe at June 20, 2005 07:04 PM


Methinks someone had a negative Dell experience and is now out for some revenge. Or, it could just be for fun. Either way, I hate people who commit hoaxes. I like to know if something is real or not, without analysis.

Posted by: x at June 20, 2005 07:42 PM


It's a hoax. See [web.archive.org]

Posted by: dil at June 20, 2005 11:39 PM


If Dell wanted to commit some sort of fraud, wouldn't it be easier for them to use your credit card info? After all, you gotta buy a Dell using a credit card, don't you?

--- Dude, you got a Dell!

Posted by: steve at June 21, 2005 02:34 AM


The Department of Homeland Security's letter is false too:

* Original letter (page 1): [web.archive.org]
* Original letter (page 2): [web.archive.org]

The false letter's header and bottom (near signature) have a font different from the body letter.
The original letter is in this page:

* [web.archive.org]

Posted by: Gustavo Bittencourt at June 21, 2005 06:27 AM


Wagering 1000 Quatloo's that it's a hoax... 1) A typical laptop's internal keyboard interface is a ribbon with about 32 lines, not a round cord.
2) A well-made laptop will not often have enough spare room inside for an extra lump of circuitry of the type described.

The other poster was on the money; it'd be massively easier to rewrite the keyboard controller's logic to accomplish logging. And, it could be installed/removed in the field without the user's knowledge.

Posted by: Gary at June 21, 2005 06:31 AM


Then there is the whole concept of, why is DHS only interested in logging the keystrokes of Dell users. Don't terroritsts use any other brand?

Going back a couple weeks to the entries on equating encryption with criminal intenet, one would assume terrorists prefer Macintosh, with it's built-in PGP.

Posted by: Probitas at June 21, 2005 08:16 AM


And here we realise Bruce is just human! for fu**s sake can we have some proper leadership! this is turning into sloashdot!

Posted by: Anonymous at June 21, 2005 02:40 PM


The images for the article were pulled right off of [web.archive.org]
definately a hoax

Posted by: Anonymous at June 21, 2005 03:07 PM


I think I have a keyloger in my laptop. I opened it up and I have one of those ribbon cables, not like what the hoax has, and it goes to one of those keyboard controllers. I checked the chip number on google, and that's what it is. I might be ok because its not a dell. Do only dell machines have keyboard controllers? I don't want the departmont of homeland security reading my irc? Should I be running linux, is that better?

Posted by: Bugged? at June 22, 2005 07:44 PM


Dude, the keyboard controller is necessary for your keyboard to work. the other fellow was saying that it would be easier to create a keylogger innnntegrated in the controller than the on a chip like sown in te story.

Posted by: truthseeker at October 12, 2005 02:27 AM


HELLO U GAI

Posted by: Anonymous at March 13, 2006 04:06 AM


I had a keylogger on my DELL but it came from a SONY CD_EXTRA CD by SPECIFIC HARM RECORDS INC which also installed AOL, downloaded cRAP MP3's, stole passwords, and deleted experimentally synthesized music files.

Don't BUY anything from SONY.

Posted by: keylogged at June 12, 2006 02:50 AM


Post a comment

Powered by Movable Type 3.2. Photo at top by Steve Woit.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT Counterpane.

Blog Menu

Search

Recent Entries

Comments

Archives

Syndication RSS 1.0 (full text)
RSS 2.0 (excerpts) Crypto-Gram Newsletter If you prefer to receive Bruce Schneier's comments on security as a monthly e-mail digest, subscribe to Schneier on Security's sister publication, Crypto-Gram.
read more