Researchers at security firm Bastille warn that the radio transmissions of many wireless keyboards can be very easily intercepted, letting hackers see exactly what is being typed. With a very simple dongle called KeySniffer, it is possible to snoop on usernames, passwords and anything else that is being typed from up to 250 feet away.
In all, Bastille found that eight manufacturers produce keyboards that use unencrypted radio communication and transmit keystrokes as easily captured clear text, which means there are millions of affected keyboards in use. The problem affects non-Bluetooth devices from the likes of Anker, Hewlett-Packard, Kensington and Toshiba.
The list of problematic, insecure keyboards has been published on the Bastille website, but the company warns that it should not be considered complete. “Please note: we have tested the above products, but this should not be considered an exhaustive list of all vulnerable keyboards. There may be other brands/models that are vulnerable to this, or other attacks”.
While the problem is well known and not new, Bastille says that the companies have done nothing either to rectify the issue or to warn users about it. The researchers explain:
The keyboards susceptible to the KeySniffer vulnerabilities use undocumented transceivers, which necessitated the Bastille Research Team reverse engineering the physical layer and radio frequency packet formats before the data could be examined. Vulnerable keyboards from Hewlett-Packard, Anker, Kensington, RadioShack, Insignia, and EagleTec use transceivers from MOSART Semiconductor. Vulnerable keyboards from Toshiba use transceivers from Signia Technologies, and vulnerable keyboards from GE/Jasco use an entirely unknown transceiver.
All of the wireless keyboards vulnerable to KeySniffer operate in the 2.4GHz ISM band using GFSK modulation, which is similar to the modulation scheme employed by Bluetooth and other proprietary wireless keyboards (note that this refers to how the binary data of a keystroke packet is turned into a radio waveform, rather than how the packet is constructed or if encryption is used). The techniques used to reverse engineer the undocumented transceivers were presented at the Hack in the Box Security Conference in Amsterdam.
The solution? Switch to a wired keyboard, or upgrade to a decent Bluetooth keyboard that offers some level of security. Replacing the keyboard is important because in many cases there is no fix: updating keyboard firmware is impractical or impossible.