Security firm cracks encryption for Microsoft's wireless keyboards

Dreamlab Technologies AG says it has found a way to sniff the data traffic between Microsoft's wireless keyboards and their base stations, which communicate with each other on the 27 MHz band. In the method they discovered, unauthorized parties are reportedly able to record and decrypt all keystrokes from such keyboards. The decoding was demonstrated using data traffic from the Wireless Optical Desktop 1000 and 2000. The security firm says that other keyboards that Microsoft sells, such as the Wireless Optical Desktop 3000 and 4000, encrypt and transmit data using the same procedure, so that they are also probably unsafe. Keyboards that use Bluetooth for communication are not vulnerable.

Max Moser and Philipp Schrödel say that decryption was very easy because the devices use a simple XOR mechanism for encryption and the keys are only one byte long. They claim that even a PDA with a slow ARM-CPU would have derived the combination quickly. Aside from not using such keyboards, there is no workaround. Microsoft has yet to react to the Swiss firm's announcement.

so how does this affect joe six pack using one of these wireless keyboards and a hacker online 1000 miles away? Not sure I understand the way someone would de code the encryption over the internet, or is this article demonstrating this scenario in an office environment where every cubicle sits a Microsoft WirelessDesktop 1000 and while cubicle worker Tom is busily typing to a love interest that is not his wife, cubical worker Jim with a little too much time on his hands can follow Tom’s every keystroke?

Well they’re no good for classrooms whether or not there’s a security issue. When IBM came out with it’s ill-fated “PC Jr.” back in 1983 or so, schools nationwide soon found that the kids loved pointing the keyboard at somebody else’s computer and typing away.

I guess I should care, but I don’t. An $8 keyboard will do the job nicely. If you want iron clad security, don’t use a wireless device.

If you're not going to bother to do better than a one byte XOR, you shouldn't be calling it "encrypted". People who don't know better might think that a company like Microsoft, with all their billions of dollars could do better than your average ten year old when it comes to "encrypting" data.

so how does this affect joe six pack using one of these wireless keyboards and a hacker online 1000 miles away? Not sure I
understand the way someone would de code the encryption over the internet, or is this article demonstrating this scenario in an office environment where every cubicle sits a Microsoft WirelessDesktop 1000 and while cubicle worker Tom is busily typing to a love interest that is not his wife, cubical worker Jim with a little too much time on his hands can follow Tom’s every keystroke?

It's not an internet attack, so that's not relevant. Consider a corporate environment where someone might have such a keyboard, and have all of their passwords floating through the air to anyone who cared to listen. You might want to keep in mind that the vast majority of "hacking" takes place by insiders, not evildoers on the other side of the firewalls.

The real key IMO is that this is being sold as a device that "encrypts" the data channel. Put simply, it's false advertizing at best.

so how does this affect joe six pack using one of these wireless keyboards and a hacker online 1000 miles away?

The article also mentions that the keyboard communicates on the "27 MHz band", which is also where the old CB (Citizen's Band) is located. So, if the skip is just right (and you have your keyboard connected to a big ol' afterburner and a really big set of ears), I guess it MIGHT be possible for a hacker located on the other side of the continent to hear you...

So, if the skip is just right (and you have your keyboard connected to a big ol' afterburner and a really big set of ears), I guess it MIGHT be possible for a hacker located on the other side of the continent to hear you...

Yeah, but only if you have a single-sideband keyboard.

"so how does this affect joe six pack using one of these wireless keyboards"

How about when joe six pack is sitting there typing away managing his bank account online or purchasing something from a web site while 'hacker-x' is sitting outside of joe's house capturing everything. Of course this already goes on for those poor lost souls who continue to not use WPA PSK wireless access points.

I really don't mean to laugh, but a one byte XOR? OMG how incredibly lame.

Remember back in the days of Windows NT, when all you had to do was change one registry key to turn Workstation into Server?

Some of the folks at Microsoft come up with great products. Unfortunately, most of the folks there do not.

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.