Have you ever worried about how secure that wireless keyboard you’re using really is? A lot of Microsoft wireless keyboards are not very secure: they’re poorly encrypted, making it an easy target for a moderately skilled tech person to create a device to hack it.
For just $10, a hacker can create a camouflaged USB charging device that tracks everything you type on a keyboard. Security researcher and hacker Samy Kamkar developed the device and called it Keysweeper: a cheap and functioning USB wall charger that sniffs and hacks keystrokes made on nearby wireless keyboards and then sends it to the hacker remotely. Samy listed his research on his website on which it shows readers a step by step tutorials on how to create one.
Device can alert the hacker by SMS if certain information is typed, such as a credit card number
Keysweeper sniffs, decrypts, logs and reports all your keywords that you enter into any wireless Microsoft keyboard. It can store and log all your input in several ways: on a chip for retrieval later, online and even onto the creator’s mobile phone. Samy’s website even explains how someone can create a similar device with a GSM chip included that can send all the input to the creator’s mobile phone. It can be programmed to send the creator a text message whenever certain keywords such as passwords, a credit card number or bank information is entered. The Keysweeper recharges when plugged in and runs off of battery when not connected to a power source.
To people being spied on, it looks like just another USB charger plugged into a wall socket making it the ultimate hacking weapon for use in public places with internet. The creator can simply put the device into a wall socket of a local library, even a business, and spy on everyone who uses a wireless keyboard nearby.
Wireless keyboard hacking: the next hacking trend?
Wireless keyboard hacking is not new. When you Google “wireless keyboard hacks” you’ll find plenty of examples. The ultimate goal of many hacks, including a wireless keyboard hack, is to get access to sensitive information such as bank accounts and passwords. The key advantages of the wireless keyboard hack over a traditional hack from a hackers perspective are:
- The hacker doesn’t need physical access to the target PC.
- The device is not recognizable as a spy device, while a USB stick on a target machine used in traditional hacks would be.
- It can be a cheap and quick way to get access to a user’s keywords and ultimately passwords.
Keysweeper is an example of a sniffer. A sniffer is a program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network’s security because they are hard to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker’s arsenal.
Are wireless keyboards a security risk?
Technically, all wireless keyboards are encrypted. But the XOR-encryption built into certain Microsoft wireless keyboards can relatively easily be hacked. XOR works by using the boolean algebra function exclusive-OR (XOR). XOR is a binary operator, meaning that it takes two arguments. By itself, using a constant repeating key, a simple XOR cipher can trivially be broken using frequency analysis.
Microsoft still sells wireless keyboards with XOR encryption, as was also pointed out by Samy since he bought the keyboard he used for his research a few weeks before at a local Best Buy store. So, unless people pay attention to what type of encryption the keyboard that they buy has, they can be vulnerable to these type of exploits. The fact that anyone with mediocre tech skills can develop a similar device for just $10 or less, is scary.
Microsoft released a statement today in response:
“Keyboards from multiple manufacturers are affected by this device. Where Microsoft keyboards are concerned, customers using our Bluetooth-enabled keyboards are protected from this type of attack. In addition, users of our 2.4GHz wireless keyboard designs from July 2011 onwards are also protected because these keyboards use Advance Encryption Standard (AES) technology.”
Going for a bluetooth or wired keyboard is still your best bet. You may have to consider whether that extra piece of wire is a price you want to pay for extra safety.
Have a great (malware-free) day!
Related Posts:
- Research Compares USB devices to Dirty Needles – What…
- Hacking Identity Theft: Entry points, tools and prevention
- Managing network threats: Using Wifi securely and…
- Chthonic trojan on the rise!
- Hacking Identity Theft 2: More Entry Points, More Tools, And
Keysweeper: proof that it’s relatively simple to hack a wireless keyboard
If you visited the official news website of North Korea recently, chances are likely that you have installed malware on your computer. Security analysts believe that hackers planted malware on the home page in order to form a “watering hole” attack.
The largest hackers group in the world, Anonymous, released a video condemning the attacks on Charlie Hebdo in Paris, in which 12 people, including eight journalists, were murdered. The video, originally released in French, was uploaded to the group’s Belgian YouTube account and quickly went viral. In the video the Anonymous group declare war on Al-Qaeda, the Islamic State and other terrorists.
In the past 24 hours, malware has spread to Android devices through an app called Android/Badaccents. The app claims to download the movie The Interview, but instead torments Android users who download the app with a banking trojan that aims to track and remove financial information from mobile devices. Users who elect to download the pirated movie using Android/Badaccents are subject to a big risk of infection and the malware has the capability to spread further once it is installed. Android/Badaccents has currently infected more than 20,000 Android users.
Protect your Android device – Don’t Pirate!
In the past 24 hours, malware has spread to Android devices through an app called Android/Badaccents. The app claims to download the movie The Interview, but instead torments Android users who download the app with a banking trojan that aims to track and remove financial information from mobile devices. Users who elect to download the pirated movie using Android/Badaccents are subject to a big risk of infection and the malware has the capability to spread further once it is installed. Android/Badaccents has currently infected more than 20,000 Android users.
Protect your Android device – Don’t Pirate!
In the past 24 hours, malware has spread to Android devices through an app called Android/Badaccents. The app claims to download the movie The Interview, but instead torments Android users who download the app with a banking trojan that aims to track and remove financial information from mobile devices. Users who elect to download the pirated movie using Android/Badaccents are subject to a big risk of infection and the malware has the capability to spread further once it is installed. Android/Badaccents has currently infected more than 20,000 Android users.
Protect your Android device – Don’t Pirate!
In the past 24 hours, malware has spread to Android devices through an app called Android/Badaccents. The app claims to download the movie The Interview, but instead torments Android users who download the app with a banking trojan that aims to track and remove financial information from mobile devices. Users who elect to download the pirated movie using Android/Badaccents are subject to a big risk of infection and the malware has the capability to spread further once it is installed. Android/Badaccents has currently infected more than 20,000 Android users.
Protect your Android device – Don’t Pirate!