| Shock! Horror! Wireless keyboards not secure |
|
| by Stephen Withers | |
| Thursday, 06 December 2007 | |
  
Featured Whitepaper
5 Best Practices for Smartphone Support
To quote the summary, "After of analyzing wireless keyboard communication, Dreamlab is able to understand their functionalities, eavesdrop their traffic, crack the encryption key and decrypt the data into clear text keystrokes. The keystokes from any analyzed keyboard within the radio receiver's range can be sniffed at the same time." It seems that the encryption applied to the data transmitted by the keyboard is so minimal that it hardly deserves the term. Each keystroke is XORed with a random byte generated when the keyboard and receiver are associated. It's tempting to suggest this scheme could be cracked with pencil and paper once the data stream has been captured. "Using simple wordlist checking in combination with a weightening algorythm [sic], every data in range can be decrypted within only a few keystrokes," wrote researchers Max Moser and Philipp Schrödel. Dreamlab was able to construct a system to capture, decode and log streams of keystrokes from multiple wireless keyboards at once - a super wireless keylogger, if you like. While Moser and Schrödel have provided a service by revealing just how insecure wireless keyboards, it's not that it's a new issue. Quite soon after wireless keyboards took off, users began to notice that one computer might start receiving keystrokes for another when both devices happened to pick the same code. Later models increased the number of device codes used in order to make such collisions less likely even in densely-packed offices. That's not the same as deliberate eavesdropping, but it was a clear indication that wireless keyboards were not to be trusted - especially in an apartment block or multi-tenanted office building. |
Tags
| < Next story in category |
|---|
