CyberCrimeSecuritySecurity Management

KeySniffer Flaw Exposes Wireless Keyboard Typing

Tom Jowitt is a leading British tech freelance and long standing contributor to TechWeek Europe

Google + Linkedin Subscribe to our newsletter Write a comment

Keystrokes from wireless keyboards transmit with no encryption and can be intercepted from hundreds of feet away

Users of non-Bluetooth wireless keyboards are being warned of a potentially serious vulnerability that could allow their typing to be intercepted.

Bastille Networks tested a number of wireless keyboards from vendors including HP, Radio Shack and Toshiba, and found the flaw that it has called KeySniffer.

The problem stems from the fact that a wide range of these wireless keyboards use unencrypted radio communications that can be easily intercepted by a cheap USB radio antenna costing less than $100 (£76).

KeySniffer Flaw

The researchers were able to intercept user keystrokes and reportedly they could even control the wireless keyboard and insert their own keystrokes. The potential security risk this presents is obvious.

microsoft“KeySniffer is a set of security vulnerabilities affecting non-Bluetooth wireless keyboards from eight vendors,” said the firm. “The wireless keyboards susceptible to KeySniffer use unencrypted radio communication, enabling an attacker up to several hundred feet away to eavesdrop and record all the keystrokes typed by the victim.”

“This means an attacker can see personal and private data such as credit card numbers, usernames, passwords, security question answers and other sensitive or private information all in clear text. The equipment needed to do the attack costs less than $100 putting it in reach of many teenage hackers.”

Even worse, only two keyboard makers, Kensington and General Electric, bothered to issue an response to the discovery of the vulnerability.

Bastille’s list of the affected keyboard models that were tested can be found here. The firm told the BBC that Logitech, Dell and Lenovo used higher-end chips in their wireless keyboards that had stronger security.

Hard Wire

The advice therefore for wireless keyboard users is to consider swooping their wireless keyboard for a Bluetooth-enabled device (which encrypts data over the air), or alternatively utilise a traditional hard-wired keyboard.

It should be noted that wireless keyboards are not the only wireless device whose security has been called into question of late.

Last year Trend Micro in partnership with First Base Technologies criticised the security of popular smartwatches.

A previous study by HP Security also found that many smartwatches carry major security flaws, thanks to their increasing connectivity.

Think you know all about cybersecurity? Try our quiz!