This is a frightening development. Looks like all those wireless keyboards out there are vulnerable to KeySniffer! Time to upgrade. This hacking vulnerability and many others are explored in great depth in my latest novel, 4o4 - A John Decker Thriller, about the surveillance state, recently listed as a Top Ten Amazon Bestseller in Technothrillers. For more on this story, visit Gizmodo.
Millions of Wireless Keyboards Can Let Hackers See What You're Typing
A newly discovered set of wireless keyboard vulnerabilities can let hackers take over your keyboard and secretly record what you type. It's called KeySniffer, and it spells death for millions of wireless, radio-based keyboards.
According to security researchers at Bastille, the so-called KeySniffer vulnerability affects wireless keyboards that use a less secure, radio-based communication protocol rather than a Bluetooth connection. The affected keyboards come from eight different hardware makers and use transceiver chips or non-Bluetooth chips. These chips are cheaper than Bluetooth chips, but they also don't receive Bluetooth's frequent security updates. That's a problem.
After researcher Marc Newlin reverse engineered these keyboards' physical layer packets, he saw that the information being transmitted was unencrypted. This means someone within a several hundred yard radius with a $30 to $40 radio dongle (which you can buy on Amazon) could secretly see everything you type, including passwords, credit card numbers, and weird porn search terms.
Although KeySniffer isn't the first wireless vulnerability ever discovered, it's certainly one of the biggest. Previous vulnerabilities include weak encryption issues with a keyboard made specifically by Microsoft. These affected keyboards, many of them low-cost wireless keyboards, are in use in millions of private homes, businesses, and government facilities. Here's how a similar vulnerability called KeySweeper works. It's terrifying:
Bastille says it hoped that hacks like last year's KeySweeper would have been a "wake up call" regarding non-Bluetooth keyboards. Clearly, that's not the case. Here are the eight manufacturers that KeySniffer is known to affect:
- Anker
- EagleTec
- General Electric
- Hewlett-Packard
- Insignia
- Kensington
- Radio Shack
- Toshiba
Bastille, which also uncovered a frightening peripheral hack this past February, built a dedicated website for the new KeySweeper threat. There you can find out if this set of vulnerabilities affects the exact make and model of your keyboard.
Unfortunately, there is no way to retroactively add security features to these keyboards, so you'll just have to swap yours out for a more secure one. You might want to try one with a wire, or at the very least, Bluetooth.