Researchers at Security Company Bastille have warned that most wireless keyboards can be easily intercepted allowing hackers to see what is being typed. According Bastille Research team, with a very simple dongle called Keysniffer, it is possible to snoop on email addresses, usernames, credit card numbers, passwords and private messages that are being typed from as far as up to 250 feet.
According to Bastille, “Wireless keyboards do not encrypt the keystroke data before it is transmitted wirelessly to the USB dongle. This makes it possible for an attacker to both eavesdrop on everything a victim types, as well as transmit their own malicious keystrokes, which allows them to type directly on the victim’s computer.”
And if you think it is only small companies whose keyboards are susceptible to this hack, you got it wrong. According to the report, KeySniffer affected devices include keyboards from Anker, EagleTec, General Electric, Hewlett-Packard , Insignia, Kensington, Radio Shack and Toshiba.
Wireless keyboards commonly communicate using proprietary protocols operating in the 2.4GHz ISM band. In contrast to Bluetooth , there is no industry standard to follow, leaving each vendor to implement their own security scheme.
These keyboards work by transmitting radio frequency packets from the keyboard to a USB dongle plugged into a user’s computer. Whenever a user types on the keyboard, information describing the specific keystrokes is sent wirelessly to the USB dongle. The USB dongle listens for radio frequency packets sent by the keyboard, and notifies the computer whenever the user has pressed, or released, a key.
In order to prevent eavesdropping, high-end keyboards encrypt the keystroke data before it is transmitted wirelessly to the USB dongle. The dongle knows the encryption key being used by the keyboard, so it is able to decrypt the data and see which key was pressed. Without prior knowledge of the encryption key, an attacker is unable to decrypt the data, and therefore unable to see what is being typed.
The researchers suggest that users of vulnerable keyboards should switch to Bluetooth or wired keyboards to protect themselves from keystroke sniffing and injection attacks.