Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Customer Data / Wireless Keyboards Open to Hackers
KeySniffer Vulnerability Lets Hackers Snoop Wireless Keyboards
KeySniffer Vulnerability Lets Hackers Snoop Wireless Keyboards
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
If you're using a cheap wireless keyboard, you could be opening yourself up to a remote attack capable of intercepting your most sensitive data, according to recent findings from a cybersecurity company. The vulnerability could affect millions of devices and exposes users’ credit card data, bank account passwords, and any information typed into documents or emails.

The security flaw was uncovered by digital security company Bastille, which specializes in detecting and addressing threats targeting the Internet of Things (IoT). The company, which publicly announced its discovery earlier this week, said that the vulnerability affects keyboards made by eight manufacturers: Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec.

Sniffing Keystrokes 250 Feet Away

Bastille’s research team named the attack technique “KeySniffer,” since it allows hackers to “sniff” the keystrokes from wireless keyboards at distances of up to 250 feet. When they conduct KeySniffer attacks, hackers can eavesdrop and capture all the keystrokes victims type in 100 percent clear text, according to the company.

“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille research team member Marc Newlin, who discovered the KeySniffer flaw. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack.”

Those eight manufacturers make the vast majority of inexpensive wireless keyboards, according to Bastille. The vulnerable devices are easy for hackers to detect, as they are always transmitting, whether or not the user is typing, Bastille said. As a result, a hacker can scan a room, building, or public area to discover vulnerable devices at any time.

The scope of the vulnerability is enormous. While other attacks might allow hackers to only access certain kinds of information or information that's delivered over certain channels, KeySniffer allows hackers to intercept virtually all information a user types into a keyboard.

Throw Out Your Cheap Keyboard

While KeySniffer is far from the first vulnerability affect wireless devices, such flaws often just affect devices made by one manufacturer. For example, in 2010, the KeyKeriki team discovered weak XOR encryption in Microsoft’s wireless keyboards. And last year the KeySweeper technique was developed to exploit additional flaws in Microsoft’s encryption protocols.

However, the KeySniffer discovery is different in that it reveals that manufacturers are actually producing and selling wireless keyboards with no encryption at all, according to Bastille. Bluetooth keyboards and higher-end wireless keyboards from manufacturers, including Logitech, Dell, and Lenovo, are not susceptible to the KeySniffer attack.

Bastille said it has already notified the affected vendors to allow them to address the flaw. Unfortunately, the manufacturers' abilities to fix the problem will likely be limited. Bastille said that most, if not all, existing keyboards impacted by KeySniffer cannot be upgraded and will have to be replaced. To be safe, the company advised using either a wired or Bluetooth keyboard instead.

Tell Us What You Think


Posted: 2016-07-29 @ 6:46pm PT
Which 4 manufacturers were tested and not found susceptible?

Jon W:
Posted: 2016-07-28 @ 4:25pm PT
This has already been exploited in the wild for a few years! (Don't ask me how I know ;-)

Like Us on FacebookFollow Us on Twitter

The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
Security software company McAfee has adapted to many changes over the years, but Chief Executive Chris Young says one thing has remained constant: "our commitment to protecting everyone."
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.