A newly discovered set of wireless keyboard vulnerabilities can let hachers take over your keyboard and secretly record what you type. It’s called KeySniffer, and it spells death for millions of wireless, radio-based keyboards.
According to security researchers at Bastille, the so-called KeySniffer vulnerability affects wireless keyboards that use a less secure, radio-based communication protocol rather than a Bluetooth connection. The affected keyboards come from eight different hardware makers and use transceiver chips or non-Bluetooth chips. These chips are cheaper than Bluetooth chips, but they also don’t receive Bluetooth’s frequent security updates. That’s a problem.
KeySniffer in action.
After researcher Marc Newlin reverse engineered these keyboards’ physical layer packets, he saw that the information being transmitted was unencrypted. This means someone within a several hundred yard radius and a relatively cheap radio dongle (which you can buy on Amazon) could secretly see everything you type, including passwords, credit card numbers, and weird porn search terms.
Although KeySniffer isn’t the first wireless vulnerability ever discovered, it’s certainly one of the biggest. Previous vulnerabilities include weak encryption issues with a keyboard made specifically by Microsoft. These affected keyboards, many of them low-cost wireless keyboards, are in use in millions private homes, business, and government facilities. Here’s how a similar vulnerability called KeySweeper works. It’s terrifying:
Bastille says it hoped that hacks like last year’s KeySweeper would have been a “wake up call” regarding non-Bluetooth keyboards. Clearly, that’s not the case. Here are the eight manufacturers that KeySniffer is known to affect:
- General Electric
- Radio Shack
Bastille, which also uncovered a frightening peripheral hack this past February, built a dedicated website for the new KeySweeper threat. There you can find out if this set of vulnerabilities affects the exact make and model of your keyboard.
Unfortunately, there is no way to retroactively add security features to these keyboards, so you’ll just have to swap out with a more secure one. You might want to try one with a wire, or at the very least, Bluetooth. [Bastille via Wired]