Have you ever worried about how secure that wireless keyboard you’re using really is? A lot of Microsoft wireless keyboards are not very secure: they’re poorly encrypted, making it an easy target for a moderately skilled tech person to create a device to hack it.
For just $10, a hacker can create a camouflaged USB charging device that tracks everything you type on a keyboard. Security researcher and hacker Samy Kamkar developed the device and called it Keysweeper: a cheap and functioning USB wall charger that sniffs and hacks keystrokes made on nearby wireless keyboards and then sends it to the hacker remotely. Samy listed his research on his website on which it shows readers a step by step tutorials on how to create one.
Device can alert the hacker by SMS if certain information is typed, such as a credit card number
To people being spied on, it looks like just another USB charger plugged into a wall socket making it the ultimate hacking weapon for use in public places with internet. The creator can simply put the device into a wall socket of a local library, even a business, and spy on everyone who uses a wireless keyboard nearby.
Wireless keyboard hacking: the next hacking trend?
Wireless keyboard hacking is not new. When you Google “wireless keyboard hacks” you’ll find plenty of examples. The ultimate goal of many hacks, including a wireless keyboard hack, is to get access to sensitive information such as bank accounts and passwords. The key advantages of the wireless keyboard hack over a traditional hack from a hackers perspective are:
- The hacker doesn’t need physical access to the target PC.
- The device is not recognizable as a spy device, while a USB stick on a target machine used in traditional hacks would be.
- It can be a cheap and quick way to get access to a user’s keywords and ultimately passwords.
Keysweeper is an example of a sniffer. A sniffer is a program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network’s security because they are hard to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker’s arsenal.
Are wireless keyboards a security risk?
Microsoft still sells wireless keyboards with XOR encryption, as was also pointed out by Samy since he bought the keyboard he used for his research a few weeks before at a local Best Buy store. So, unless people pay attention to what type of encryption the keyboard that they buy has, they can be vulnerable to these type of exploits. The fact that anyone with mediocre tech skills can develop a similar device for just $10 or less, is scary.
Microsoft released a statement today in response:
“Keyboards from multiple manufacturers are affected by this device. Where Microsoft keyboards are concerned, customers using our Bluetooth-enabled keyboards are protected from this type of attack. In addition, users of our 2.4GHz wireless keyboard designs from July 2011 onwards are also protected because these keyboards use Advance Encryption Standard (AES) technology.”
Going for a bluetooth or wired keyboard is still your best bet. You may have to consider whether that extra piece of wire is a price you want to pay for extra safety.
Emsisoft Enterprise Security + EDR
Robust and proven endpoint security solution for organizations of all sizes. Start free trialHave a great (malware-free) day!