According to Bastille, the security vendor that discovered this issue, this vulnerability, which they nicknamed KeySniffer, affects wireless keyboards from vendors such as Anker, EagleTec, General Electric, Hewlett-Packard, Insignia, Kensington, Radio Shack, and Toshiba.
Advertisement
All data exchanged between vulnerable keyboards and the USB dongle plugged into the user’s computer is handled in cleartext, allowing the attacker to detect what victim is typing.
Kensington, the maker of another vulnerable keyboard called the Kensington ProFit Wireless Keyboard, released a statement saying it has taken “all necessary measures to close any security gaps and ensure the privacy of users” and has released a firmware update for the device that includes encryption. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack”.
Security researchers have known for some time that wireless keyboards and mice can be susceptible to eavesdropping, but the use of encryption typically prevents compromise of the information being sent. Those warnings peaked five months ago, when hackers at the security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. They could also generate their own keystrokes to install malware, the researchers say. They use transceivers from MOSART Semiconductor except for Toshiba, which uses one from Signia Technologies, and GE/Jasco, which uses an unknown transceiver. After a few weeks of painstaking reverse engineering work with a software-defined radio-an increasingly common tool for hackers exploring obscure radio frequencies-Bastille researcher Marc Newlin was able to recognize and reproduce any keystroke sent by the keyboards based on their radio signals alone. But with Mousejack, you’d know when you were being hacked.
Numerous devices tested would remain vulnerable, said Bastille, because it was not possible to update the firmware that keeps them operating. As early as 2009 researchers broke the weak encryption of Microsoft wireless keyboards to create a keyboard-sniffing tool called KeyKeriki. Bastille says that all of the wireless keyboards vulnerable to KeySniffer operate in the 2.4GHz ISM band using GFSK modulation. The Microsoft keyboards KeySweeper attacked, by contrast, only transmit at certain moments, like when someone starts typing.
As such, the company recommends that “users of vulnerable keyboards should switch to Bluetooth or wired keyboards in order to protect themselves from keystroke sniffing and injection attacks”.
The attacker doesn’t even have to be physically within the targeted building, he said. Most of the companies didn’t respond to WIRED’s request for comment.
Advertisement
The list of problematic, insecure keyboards has been published on the Bastille website, but the company warns that it should not be considered complete. But Bastille says that there’s no easy fix for the vulnerabilities it’s found, since the wireless devices don’t have a mechanism to push out a patch. The entire device costs no more than $100.
