WIRELESS KEYBOARDS and mice from a number of big-name brands transmit keystrokes unencrypted or poorly encrypted, enabling them to be sniffed from distances of up to 100 metres.
That's according to new research, which comes at least seven years after the first investigations into wireless keyboard security highlighted glaring vulnerabilities.
Tens of millions of wireless keyboards and mice are in use worldwide, but a hacking tool called KeySniffer can identify the keystrokes of wireless keyboards from at least eight companies. The security flaws could enable a determined attacker to sniff passwords and other sensitive information from the devices.
The tool was developed by security company Bastille. It was used to test devices from 12 manufacturers and found security holes in products from eight of them.
The affected brands include Anker, EagleTec, General Electric, HP Inc, Insignia, Kensington and Radio Shack. Significantly, perhaps, devices from Microsoft and market leader Logitech appear to be secure.
"Vulnerable keyboards are easy for hackers to detect as they are always transmitting, whether or not the user is typing. Consequently, a hacker can scan a room, building or public area for vulnerable devices at any time," warned Bastille in an advisory.
Part of the problem, claimed the company, is that wireless keyboards typically transmit in the 2.4GHz band using proprietary tools and, unlike Bluetooth, there is no security standard that all manufacturers can adopt.
"In order to prevent eavesdropping, high-end keyboards encrypt the keystroke data before it is transmitted wirelessly to the USB dongle. The dongle knows the encryption key being used by the keyboard, so it is able to decrypt the data and see which key was pressed," said Bastille Networks engineer Marc Newlin.
"[But] many of today's inexpensive wireless keyboards do not encrypt the keystroke data before it is transmitted wirelessly to the USB dongle.
"This makes it possible for an attacker to eavesdrop on everything a victim types, as well as transmit their own malicious keystrokes, which allows them to type directly on the victim's computer."
Only two of the eight vendors have responded to the research. Kensington said in a statement: "We have taken all necessary measures to close any security gaps and ensure the privacy of users.
"Kensington has released a firmware update that includes AES encryption. Products with the new firmware will be updated with a new part number, K72324USA."
This is not the first time that wireless keyboards and mice have been the subject of hackers' attentions.
The first research into the security of wireless devices was conducted in about 2009, and the majority were insecure until the development of KeyKeriki, a small device designed to be used surreptitiously in the target environment where it would log keystrokes for download and analysis later.
"Consider this scenario. You are in your home office and logging into your bank account using your computer that has a wireless keyboard," wrote security specialist Siva Ram at the time.
"Someone is outside your window (or has dropped the device there) and is logging your credentials. Or you are making a purchase and typing in your credit card and CVV number. Someone is getting all this information.
"Another scenario is if someone slips this device into their laptop bag and brings it to work. They can potentially log all the keystrokes from all the people in neighbouring cubicles."
A number of manufacturers have since improved the security of wireless keyboards and mice, most notably Logitech, but many manufacturers, including some big names, still don't appear to have caught up.
The KeyKeriki team exposed weaknesses in the XOR encryption used in a number of wireless keyboards from Microsoft in 2010, while an exploit called KeySweeper was developed in 2015 to take advantage of the vulnerability.