Are wireless keyboards secure?

I was sitting here typing on my wireless keyboard wondering what I could write about and explore next; when, low and behold it hit me.  Are wireless keyboards secure? In other words, could another person intercept my keystrokes as I typed from my wireless keyboard?  If this is possible, this is not good.  In my case I am an internet junkie and my credit card numbers, usernames and passwords to all of my accounts, could be stolen. I know as an IT professional that wireless networking can be a security risk; so why not wireless keyboards.

Wireless Keyboard

During my research I soon found out quickly from an article at Enterprise Security Today, titled “Symantec Warns of of Wireless Keyboard Security Threat”, that a new form of attack aimed at users of wireless keyboards had been uncovered.

Excerpts from that article:

The warning follows the release of Keykeriki, an open-source “sniffer” project that allows users to remotely decode wireless transmissions.

The project was created by a site called remote-exploit.org. “This open-source hardware and software project enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose only),” the site notes.

Symantec warned that, although the creator’s intentions appear honorable, making the software code and hardware schematics open to everyone means that criminals could use the software to eavesdrop on wireless keyboard inputs.       [ Source: Enterprise Security Today ]

I then came across excerpts and a YouTube video with Steve Gibson, Security Expert and Founder of GRC.com (makers of the Spinrite hard drive data recovery software), being interviewed by Leo Laporte (from the “The Lab with Leo Laporte”) regarding “The Frightening Insecurity of Wireless Keyboards” (see excerpts and video below).

Having a keystroke logger installed on a computer is one of the worst things that can happen. But what it everything you type on your wireless keyboard can be easily intercepted by a neighbor or office worker?!!! It turns out, it probably can be.

Leo and I will examine and describe the incredibly weak “encryption” used on Microsoft’s 1000 and 2000 series (and probably other) wireless keyboards to show how easily that encryption can be broken to allow anyone within “radio range” to log everything typed.

If you Google: “wireless keyboard encryption” right now you’ll find a number of links to articles about the recent revelation of how simple Microsoft’s wireless keyboard encryption is. [ Source: The Lab with Leo Laporte ]

[ CLICK HERE TO SEE VIDEO ]

Lab With Leo Laporte

Needless to say, following my reviews of this information, I am considering going back to a wired keyboard; at least until the wireless keyboard manufacturers can responsibly demonstrate that the data being transmitted from my keyboard to the receiver is encrypted and is not at risk of being intercepted.

StumbleIt

jaanix post to jaanix

Bookmark and Share

[ CLICK HERE TO LEAVE A COMMENT ]

About these ads

13 Responses to Are wireless keyboards secure?

  1. Bill Mullins says:

    Rick,

    I’m not sure you should worry too much. Attacks of this type are generally target specific. Someone needs to want the info you possess desperately to try this attack vector. Maybe in high level enterprise and government environments …….

    A little known attack vector is acoustic spying, in which wired keyboard key clicks and other keyboard sounds can be acoustically spied on, and used to determine what is being typed. A relatively simple application is available to do this.

    Why go to all this high tech trouble though, when a simple driveby download (the cause of 90% of current malware and spyware infections), can accomplish the same thing with almost no effort on the part of the cyber-criminal?

    We live in a “click crazy” world, which makes the cyber-criminals job a snap. No need for them to become a James Bond wanna-be.

  2. techpaul says:

    I applaud you for this thoughtful write up of yet one more security issue that people should at the very least be aware of. (Adding Steve & Leo is a very nice touch; I am a fan of TWiT.TV!)

    One factor to consider is range, which is rather limited, and I believe extends to the next room. So, this might be more a concern in a college dorm, hotel/motel, or airport lounge than in a residence.

    And Mr. Mullins makes an excellent point in his comment. Cyber-criminals operate on the low-hanging fruit principle as much as anyone else, and sadly their jobs are much too easy! Obsolete and unpatched browsers, operating systems, and software can be found on almost any machine — and exploited.
    The best defense is to keep all your software updated, and the best tool for that (IMHO) is to download and run Secunia’s Personal Software Inspector.

    Great article! Great food for thought! A tip of my geek hat to you, sir!

  3. [...] Are wireless keyboards secure? [...]

  4. Ramblinrick says:

    TechPaul & Bill,

    I was actually excited to write this post because I knew if I went with this article I would get input from you both; and expert opinions at that… I learn something new everyday from you guys. This is like James Bond stuff or something the CIA would use to target a specific individual. It just hit me whether or not it is even possible to do this and it is.

    As always, I appreciate what you both have to say and I take it to heart!

    Rick

  5. techpaul says:

    Well, Rick, thanks to those *geniuses* who published the tool, you don’t have to be James Bond… you just have to be able to access the Internet.

  6. pochp says:

    Even though I don’t use wireless yet, I’m using Secunia as Paul has suggested.
    Too many geeks are against wireless.

  7. worddreams says:

    Read this Scientific American article on my blog post (http://delamagente.wordpress.com/2009/07/07/five-little-known-ways-to-hack-a-computer/ for address). Your concern is just the tip of the iceberg.

    Fascinating stuff.

  8. [...] Ways of How Your Data Can Be Stolen A reader of the recent blog post titled “Are Wireless Keyboards Secure?” shared this article with me that I clipped for you to see.  It is fascinating to see what lengths [...]

  9. [...] and greatest AV products – take a look at Atypical Ways of How Your Data Can Be Stolen, and Are Wireless Keyboards Secure?, on Rick’s site. You might be in for a [...]

  10. [...] the threats and risks you may have encountered or heard about before. This time, the target is your wireless keyboard. Yes, you read it right! Your wireless keyboard can be used against you through eavesdropping, [...]

  11. Bill Freid says:

    I enjoy the blog. I use an old wired external keyboard to the laptop. It cost me $3 at a yard sale.

    As an aside, “LO” is an Old English word expressing shock or surprise.

    In re: “[W]hen, low (sic) and behold it hit me.”

  12. Hey Rick, Thanks for the post. Much appreciated.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 244 other followers

%d bloggers like this: