Cherry’s Secure Board 1.0 Encrypts Every Keystroke & Has Smart Card Reader
by Anton Shilov on December 3, 2019 10:00 AM EST
Security is one of the primary concerns for many organizations these days, so makers of hardware and software have been responding in kind with new security features baked into their products. To that end, Cherry has introduced a new keyboard that has a smart card reader and can encrypt every keystroke to prevent keylogging.
The Cherry Secure Board 1.0 is a classic-looking black or white keyboard with inexpensive rubber dome switches (which Cherry calls LPK) that has an integrated Class 2 reader for ISO 7816 and ISO 14443 A/B-compliant smart cards as well as cards/tags with an RF/NFC interface. Such cards and tags are used by various government and corporate organizations to identify their employees by hardware means and to control their access levels and actions. The board is FIPS-201 compliant.
The key feature of the Secure Board 1.0 is support for Secure Mode, which verifies the authenticity of the keyboard to its host PC with a special certificate and encrypts every keystroke. According to Cherry, Secure Mode protects against BadUSB attacks, yet the company does not explain how exactly, other than saying that it blocks 'the standard keyboard channel'. At any rate, since Secure Mode encrypts every keystroke, it should make it impossible for keyloggers to intercept sensitive data and/or passwords.
At this point, we can only speculate about how Secure Mode works: it might prevent the OS from getting the 03h (human interface device) descriptor from devices without a special certificate, which would stop such a device from infecting the PC with a virus by executing preprogrammed keystrokes and/or running certain applications. Alternatively, it might prevent the OS from recognizing any unencrypted input from a keyboard.
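To make the first guess concrete, here is an added sketch (not Cherry's code and not part of the original article) of a host-side policy that walks a USB configuration descriptor and blocks any unapproved device offering a 03h interface. The function names, the VID:PID approval set and the descriptor bytes are all constructed for illustration.

```python
# Added example (not Cherry's code): flag HID (03h) interfaces on unapproved devices.
HID_CLASS = 0x03      # bInterfaceClass for human interface devices
DT_INTERFACE = 0x04   # bDescriptorType of an interface descriptor

def hid_interfaces(config: bytes) -> list:
    """Return the interface numbers whose bInterfaceClass is 03h."""
    found, i = [], 0
    while i < len(config):
        if i + 2 > len(config):
            raise ValueError(f"truncated descriptor header at offset {i}")
        length, dtype = config[i], config[i + 1]
        if length < 2 or i + length > len(config):
            raise ValueError(f"malformed descriptor at offset {i}")
        if dtype == DT_INTERFACE:
            if length < 9:
                raise ValueError(f"short interface descriptor at offset {i}")
            if config[i + 5] == HID_CLASS:      # bInterfaceClass
                found.append(config[i + 2])     # bInterfaceNumber
        i += length                             # every descriptor starts with bLength
    return found

def decide(vid: int, pid: int, config: bytes, approved: set) -> tuple:
    """Block any device that offers a HID interface unless it is approved.

    Assumption: approval is keyed on VID:PID only to keep the sketch small.
    Those IDs are self-reported by the device; the article says Secure Mode
    authenticates the keyboard with a certificate instead.
    """
    hid = hid_interfaces(config)
    if hid and (vid, pid) not in approved:
        return ("block", hid)
    return ("allow", hid)

# Constructed sample data: made-up IDs and hand-built descriptors.
APPROVED = {(0x1111, 0x2222)}
KEYBOARD = bytes.fromhex(              # one boot-keyboard interface
    "09 02 22 00 01 01 00 a0 32  09 04 00 00 01 03 01 01 00"
    "09 21 11 01 00 01 22 41 00  07 05 81 03 08 00 0a"
)
STORAGE_WITH_HID = bytes.fromhex(      # storage device that also offers a keyboard
    "09 02 39 00 02 01 00 80 32  09 04 00 00 02 08 06 50 00"
    "07 05 81 02 00 02 00  07 05 02 02 00 02 00"
    "09 04 01 00 01 03 01 01 00  09 21 11 01 00 01 22 41 00"
    "07 05 83 03 08 00 0a"
)
```

With these samples, the approved keyboard is allowed, while the storage device that also announces a keyboard interface is blocked with interface 1 reported.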
The biggest limitation of Secure Mode is that it currently works only with clients running Linux, while Windows support is still under development. This pretty much limits the usefulness of Secure Mode to a handful of corporate desktops, but considering the fact that Cherry is a German company and Linux is widely used in Germany, it's not as problematic as it may first appear for Cherry's home market.
Cherry has already started to sell its Secure Board 1.0 keyboards in Europe and the UK for €69.99 and £64.99 respectively. Versions with layouts for Belgium, Germany, France, Italy, Spain, Switzerland, Nordic, and the UK are available. There are also black and white versions with the US layout (albeit with the € symbol).
RadiclDreamer - Tuesday, December 3, 2019
Wow, talk about a solution looking for a problem.
This looks about as useful as the HDMI cables with virus protection built in...
jordanclock - Tuesday, December 3, 2019
This is a solution to a real problem, if it works as stated. Hardware key loggers and key injectors are very real attacks and this offers some protection.
III-V - Tuesday, December 3, 2019
HDMI virus protection serves its use in parting fools from their money.
This, on the other hand, helps protect a computer against things like "evil maid attacks". There's actually a legitimate use for securing everything humanly possible.
But yes, the entire security industry's motto is "solutions looking for problems". Without creating boogeymen, they wouldn't be able to make a living.
willis936 - Tuesday, December 3, 2019
I’m no expert but I think KISS is a tenet of security. By adding in software layers you increase your attack surface. What’s best is to physically secure your computers, make sure you trust who you get your computer parts from and the manufacturers of those parts, and have competent IT.
You’re trading trust of one company for another. How do you know that the software implementation on these keyboards isn’t horribly insecure? It’s a cool concept and on the surface seems well executed, but I’d be nervous if I was relying on it.
Reflex - Tuesday, December 3, 2019
KISS is not a blanket philosophy that is equally applied everywhere. By that standard we shouldn't use encryption, it's far simpler to operate without it and reduces your attack surfaces. Of course at that point no significant effort ever needs to be made to steal data at all...
In an ideal world yes you can perfectly secure every device with access to your network and ensure everyone with access can be perfectly trusted. We don't live in that world. In the real world not everything is under our control, and while we should avoid security that is either snake oil or that in its complexity can reduce network security (for instance, network security black boxes), ensuring end to end encryption that gets as close to each 'end' as possible is a wise approach.
When designing a security architecture, the assumption is that any given mitigation will be breached at some point, so the goal is to ensure two things: 1) that once breached there is another layer behind it, and 2) that data is compartmentalized so that at each failure only the minimum necessary data is able to be accessed.
What Cherry is attempting to do here does solve a real issue in physical security. That said, it needs to be audited to determine if it has been implemented correctly or not.
willis936 - Tuesday, December 3, 2019
KISS does apply to security. The most secure computer system is one that doesn't exist.
Reflex - Tuesday, December 3, 2019
I mean, I guess you can choose to look at it that way?
nathanddrews - Wednesday, December 4, 2019
My non-existent Mac will never get a virus. It also can't play games. Fair trade-off.
BurntMyBacon - Thursday, December 5, 2019
@nathanddrews: "My non-existent Mac will never get a virus."
Sounds like a plus.
@nathanddrews: "It also can't play games."
Nothing new here.
@nathanddrews: "Fair trade-off."
I'm not seeing the downside. I too shall augment my security at no detriment to gaming by making my Mac non-existent. (o_O)
rahvin - Tuesday, December 3, 2019
Everything you listed doesn't protect you from a janitor or guest that sticks a hardware keylogger on the computer. Unless you physically lock your computer in the safe at night they are exposed to this type of attack.
Keyloggers are extremely tiny, most people wouldn't even notice them hooked up. They even come in things that look like legitimate power strips and other normal desk items. You should investigate it if you didn't realize this, because no amount of careful hardware selection will protect you from this type of attack unless you are physically locking up the computers when not in use. This product offers a solution to this by possibly locking the only keyboard connection to the supplied keyboard and encrypting all its traffic to prevent character insertion.
Companies and government agencies with heavy security requirements are likely to use something like this to prevent these types of attack possibilities and there is a TON of specialty hardware available on the open market to execute these types of attacks.