Re: RegisterEventHotKey and keylogging
Re: RegisterEventHotKey and keylogging
- Subject: Re: RegisterEventHotKey and keylogging
- From: Michael Vannorsdel <email@hidden>
- Date: Sat, 6 Feb 2010 03:34:30 -0700
I found that I can hotkey any keys and then use CGEventPost to post
the key to the front application. This effectively lets me track all
the keys the user presses from a non-privileged application while
still sending input to the key window/process. I was also able to see
my admin pass as it was typed in to an authentication window without
any side-effects.
Am I missing something or is this a security flaw?
On Feb 2, 2010, at 3:15 AM, Symadept wrote:
Hi Michael,
Basically RegisterEventHotKey registers given combination of hotkey
identified with the keycode. If it happens to be your pressing key
is registered as hotkey then you wont be able to see that. Lets say
you have registered A as hotkey in some application then either in
your password or username field you can never be able to print A and
inturn fires hotkey which may be the response of that particular app.
Hope it is clear to you.
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden