Posted on 07/26/2016 9:08:16 AM PDT by BenLurkin
You should be able to trust your wireless keyboard. And yet security researchers have been warning people to be suspicious of wireless computer accessories using sketchy radio protocols for years. Those warnings peaked five months ago, when hackers at the security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. Now, in case you missed that message, the same researchers have extended their attack to millions more devices—and this time, they can not only inject keystrokes, but also read yours, too.
On Tuesday Bastille’s research team revealed a new set of wireless keyboard attacks they’re calling Keysniffer. The technique, which they’re planning to detail at the Defcon hacker conference in two weeks, allows any hacker with a $12 radio device to intercept the connection between any of eight wireless keyboards and a computer from 250 feet away> What’s more, it gives the hacker the ability to both type keystrokes on the victim machine and silently record the target’s typing.
The keyboards’ vulnerability, according to Bastille’s chief research officer Ivan O’Sullivan, comes from the fact that they all transmit keystrokes entirely without encryption. The manufacturers’ only plan against attackers spoofing or eavesdropping on their devices’ communications is to depend on the obscurity of the radio protocols used. “We were stunned,” says O’Sullivan. “We had no expectation that in 2016 these companies would be selling keyboards with no encryption.”
(Excerpt) Read more at wired.com ...
I like my wired Lenovo keyboard, sure it isn’t nice and shiny like those expensive wireless keyboards and it just always work and does not need batteries. And hackers can’t easily hack it.
Wow, sometimes old tech is best
First thing I do with a new laptop is totally and permanently disable the wireless.
Ok, maybe first I put the band-aid over the camera...
draw the curtains in my Faraday cage...
but seriously, wireless is mischief waiting to happen.
Looks like I’ll be swapping out both of my wireless keyboards. Thanks for posting this.
looks like a general purpose 2.4 Ghz RF sniffer: http://www.geeetech.com/wiki/index.php/Crazyradio
Security by obscurity, isn’t.
I’m more worried they will intercept my mouse’s movements. ;^)
I just key up 1,500 watts on 40 or 75 Meters on my ham rig into the fan dipole and watch the fun begin!
I love keying up and hearing the screams of "DAD!!!!" from two floors up. Makes them want to move out of the house faster.
Kinda stunned at the lack of an authentication protocol — including a checksum based on a confidential key would be quite enough.
Isn’t that the Apple motto?
Well that’s rude to the neighbors too. FCC used to care about that, at least.
I’m sorry, but I have always thought that only an idiot would use a wireless keyboard or mouse with a computer. It’s not as if you need to be running around your house with a keyboard and mouse, you are only ever going to be using it within the range of a cord in the first place.
I can see using them if you are using a television for a monitor and want to lay on the couch across the room, but for most purposes, they’re just adding another annoyance with the need to change batteries.
Even if it is hard wired it can sometimes be spied on (though injecting data may not be possible).
Ha... haven’t they realized they can just turn off the wi fi antenna and run an ethernet cable to the router to avoid that???
I wonder if any of our high tech IT gurus in FR know if using a VPN app with their encrypted servers prevents this danger.
Anyone? Buehler? Anyone?
Of course you can do the same thing with wired keyboards too. It’s a little more difficult, the equipment is a little more expensive, but it can be done and has been done. It’s one of the reasons secure facilities put that magnetic shielding on windows. The fact is if somebody wants your keystrokes and you’re not turning your house into a military grade facility they will get them.
I have a Zagg Wireless keyboard using it with an Apple IPAD.
I haven’t read the article, but I’m leery of my security after hearing about this.
I run a clean station. The problem for both my sons is they're close enough to the fan dipole that their computers suffer from fundamental front end overload.
Neighbors are far enough away that they don't have that issue.
Now, about your FCC comment: The FCC's position on interference from Ham Radio Operators has changed dramatically. If one of my neighbors were to complain, the FCC would tell them succinctly to get the problem fixed with their devices manufacturer. The problem isn't mine, it's the device they purchased.
With so much of our electronics made in China or elsewhere now, the FCC can no longer regulate electronic shielding and rf protection on consumer devices. If you look in a relatively modern device manual, you'll find a paragraph in the front or back of the manual from the FCC which states "this device must accept interference ...." along with some other language. That interference is broadly based, including ham radio.
Conversely, I've had issues with my neighbors devices such as pool filter motors, air compressors, car battery chargers and other devices throwing massive interference into the air that I've picked up and has interfered with my operations. The FCC says my neighbors MUST remedy their interference issues/stop using those devices and quit interfering with me. The premise is I have a Federal License to transmit and receive, they do not. Their devices are considered "transmitting" by the FCC and since the neighbors don't have a license to do so, they're in violation.
Realistically is the FCC going to do anything about my neighbors interference? Not until I attempt to remedy the situation myself, and then complain like HELL to the FCC if they don't. I've had three cases of neighbors devices (named above) interfering with me. All three were successfully and amicably resolved with those neighbors by my providing parts and expertise to fix the issue.
I'm very fortunate that I have great neighbors who've been very supportive of my hobby. Several have called my amateur radio antenna tower "a work of art" and others think it's "cool." The one who hated it moved away several years ago.
I jokingly say I can do it with 1,500 watts, the reality is I can do it with as little as 200. Only happens on 40 and 75/80 meters.
Fortunately for them, I've gotten more into the digital modes (JT-65) lately and aren't running more than 25 watts on any band. :-)
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.