KeySniffer Vulnerability Lets Hackers Snoop Wireless Keyboards
If you're using a cheap wireless keyboard, you could be opening yourself up to a remote attack capable of intercepting your most sensitive data, according to recent findings from a cybersecurity company. The vulnerability could affect millions of devices and exposes users’ credit card data, bank account passwords, and any information typed into documents or emails.
The security flaw was uncovered by digital security company Bastille, which specializes in detecting and addressing threats targeting the Internet of Things (IoT). The company, which publicly announced its discovery earlier this week, said that the vulnerability affects keyboards made by eight manufacturers: Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec.
Sniffing Keystrokes 250 Feet Away
Bastille’s research team named the attack technique “KeySniffer,” since it allows hackers to “sniff” the keystrokes from wireless keyboards at distances of up to 250 feet. When they conduct KeySniffer attacks, hackers can eavesdrop and capture all the keystrokes victims type in 100 percent clear text, according to the company.
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille research team member Marc Newlin, who discovered the KeySniffer flaw. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack.”
Those eight manufacturers make the vast majority of inexpensive wireless keyboards, according to Bastille. The vulnerable devices are easy for hackers to detect, as they are always transmitting, whether or not the user is typing, Bastille said. As a result, a hacker can scan a room, building, or public area to discover vulnerable devices at any time.
The scope of the vulnerability is enormous. While other attacks might allow hackers to only access certain kinds of information or information that's delivered over certain channels, KeySniffer allows hackers to intercept virtually all information a user types into a keyboard.
Throw Out Your Cheap Keyboard
While KeySniffer is far from the first vulnerability affect wireless devices, such flaws often just affect devices made by one manufacturer. For example, in 2010, the KeyKeriki team discovered weak XOR encryption in Microsoft’s wireless keyboards. And last year the KeySweeper technique was developed to exploit additional flaws in Microsoft’s encryption protocols.
However, the KeySniffer discovery is different in that it reveals that manufacturers are actually producing and selling wireless keyboards with no encryption at all, according to Bastille. Bluetooth keyboards and higher-end wireless keyboards from manufacturers, including Logitech, Dell, and Lenovo, are not susceptible to the KeySniffer attack.
Bastille said it has already notified the affected vendors to allow them to address the flaw. Unfortunately, the manufacturers' abilities to fix the problem will likely be limited. Bastille said that most, if not all, existing keyboards impacted by KeySniffer cannot be upgraded and will have to be replaced. To be safe, the company advised using either a wired or Bluetooth keyboard instead.
Posted: 2016-07-29 @ 6:46pm PT
Which 4 manufacturers were tested and not found susceptible?
Posted: 2016-07-28 @ 4:25pm PT
This has already been exploited in the wild for a few years! (Don't ask me how I know ;-)