Warning this article may contain opinions of the author that you and iTWire don't necessarily agree with. Don't let them get away with it - have your say with a comment!

No. 1 Story

HP job cuts loom for Australian employees

A number of Australian employees of Hewlett-Packard are facing the loss of their jobs as the global computer giant looks to slash its worldwide workforce by up to 30,000.

read more

More From

Popular Threads

Shock! Horror! Wireless keyboards not secure

Stephen Withers
Thursday, 06 December 2007 02:35

Opinion and Analysis

View Comments
Forgive our cynicism, but why would anyone expect a relatively inexpensive wireless keyboard to be secure?
A Swiss company called Dreamlab Technologies has published a white paper describing in general terms how it was able to intercept the stream of keystrokes transmitted by two models of Microsoft 27MHz wireless keyboards.

To quote the summary, "After of analyzing wireless keyboard communication, Dreamlab is able to understand their functionalities, eavesdrop their traffic, crack the encryption key and decrypt the data into clear text keystrokes. The keystokes from any analyzed keyboard within the radio receiver's range can be sniffed at the same time."

It seems that the encryption applied to the data transmitted by the keyboard is so minimal that it hardly deserves the term. Each keystroke is XORed with a random byte generated when the keyboard and receiver are associated.

It's tempting to suggest this scheme could be cracked with pencil and paper once the data stream has been captured.

"Using simple wordlist checking in combination with a weightening algorythm [sic], every data in range can be decrypted within only a few keystrokes," wrote researchers Max Moser and Philipp Schrödel.

Dreamlab was able to construct a system to capture, decode and log streams of keystrokes from multiple wireless keyboards at once - a super wireless keylogger, if you like.

While Moser and Schrödel have provided a service by revealing just how insecure wireless keyboards, it's not that it's a new issue. Quite soon after wireless keyboards took off, users began to notice that one computer might start receiving keystrokes for another when both devices happened to pick the same code. Later models increased the number of device codes used in order to make such collisions less likely even in densely-packed offices.

That's not the same as deliberate eavesdropping, but it was a clear indication that wireless keyboards were not to be trusted - especially in an apartment block or multi-tenanted office building.

Our Services for Technology Professionals

E - mail News SMS Headlines Desktop Alerts News Feeds Job Alerts Technology Events Press-Releases