Security researchers at Bastille Networks have identified a critical vulnerability that affects wireless keyboards from several manufacturers. They have named this vulnerability KeySniffer.
The affected keyboards use 2.4GHz radio-frequency and do not encrypt the signal they send to the USB receiver plugged into the computer. The lack of encryption allows hackers to eavesdrop on everything users type, including website addresses, usernames, passwords, credit card numbers and personal communication.
Besides eavesdropping on the victim’s keystrokes to steal information, an attacker can also remotely “type” their own malicious keystrokes into the victim’s computer. This type of injection can be used to install malware, steal data, or otherwise damage the victim’s computer or data.
The relatively long range of 2.4GHz radio signal means that these attacks can be performed from as far as several hundred feet away, outside of the victim’s home.
Bastille identified the keyboards from the following manufacturers as affected by this vulnerability:
- General Electric
- Radio Shack
If you own a wireless keyboard from one of these manufacturers, check here to see if your specific model is affected. Several of the vendors have already offered refunds, exchanges or firmware updates. Owners are advised to upgrade to a more sophisticated wireless keyboard that encrypts wireless communications.
I am as baffled by wireless keyboards as I am by wireless mice. Except for someone presenting to a large group or classroom, while using a computer located somewhere like the sound-system or AV room, neither of these input staples would seem to offer the deskbound user much advantage, and have the added disadvantage of batteries that die. Wired keyboard and mice forever, says Old Grumpy Man!