Could hackers be stealing your data from hundreds of feet away?
With just under $100 in equipment, attackers with the right know-how can see every keystroke you enter on wireless keyboards from a number of major manufacturers. Not only that, but they’re also able to send commands via your keyboard, which opens up the possibility of remotely installing malware, fiddling with financial sites, and a whole host of other scary possibilities.
The vulnerability was discovered by Bastille Networks, who shared more information on a page they’ve dedicated to the issue:
KeySniffer is a set of security vulnerabilities affecting non-Bluetooth wireless keyboards from eight vendors. The wireless keyboards susceptible to KeySniffer use unencrypted radio communication, enabling an attacker up to several hundred feet away to eavesdrop and record all the keystrokes typed by the victim. This means an attacker can see personal and private data such as credit card numbers, usernames, passwords, security question answers and other sensitive or private information all in clear text. The equipment needed to do the attack costs less than $100, putting it in reach of many teenage hackers.
The keyboard manufacturers affected by KeySniffer include: Anker, EagleTec, General Electric, Hewlett-Packard, Insignia, Kensington, Radio Shack and Toshiba.
One of the more concerning aspects of this vulnerability is that attackers don’t even need to be in the building to capture your keystrokes. Using inexpensive radio equipment that can easily be purchased from retail stores, attackers can operate from as much as 250 feet (almost 3/4 of a football field!) away.
What’s the solution? While Bluetooth is more secure than the non-Bluetooth wireless connections these keyboards use, Bastille Networks recommends going with a wired keyboard for ultimate security.
The BCM Blogging Team