Wireless keyboards being sold on the market are vulnerable to hacks. Researchers have uncovered a clever and rather simple way hackers use to snoop on the keystrokes. By intercepting code that runs between the keyboards and the USB dongle they are wirelessly connected to, hackers can easily monitor all keyboard-based activity.
Hackers are able to eavesdrop on almost all of the best wireless keyboards currently available in the market, claim researchers. Security experts finding vulnerabilities in such seemingly mundane technologies have been able to confirm that the hacking technique works on at least eight of the most popular wireless keyboards currently being sold. What’s even more concerning is the fact that the hackers need not be anywhere near the actual device to snoop on the words or passwords being entered on the computer, laptop, or smartphone.
Hackers can easily eavesdrop on users of eight popular wireless keyboard brands available on the market today, reported Threatpost. The security vulnerability was discovered by cyber-security firm Bastille. The firm claims the hack allows snoopers to monitor keystrokes and keyboard activity from as far as 250 feet. If that’s not all, the hack doesn’t require complex coding or expensive hardware. All the components required for hackers to listen to your keyboard are easily available.
Despite the alarming simplicity in assembling the hack, researchers claim top wireless keyboards from reputed manufacturers like HP, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec can be compromised. Essentially, every keystroke that the wireless keyboard sends to the computer through the USB dongle attached to the computer, can be listened to and logged for analysis. Software currently available can easily make sense of the keystrokes and discover passwords, browsing history and other highly-sensitive information about the unsuspecting user.
How are wireless keyboards hacked? Bastille is calling the new hack “KeyJack.” The technique works by simple modifications made to the software on a commercially available USB dongle which acts as the bridge between the wireless keyboard and the computer it is attached to. The hacker has to merely procure a 2.4 GHz radio transmitter and an antenna, which can be bought for less than $100 online, reports PCMag.
By modifying the transmitter’s firmware, and using the antenna to boost its range, the assembly takes advantage of the laughably lax keyboard’s security to capture any unsuspecting victim’s keystrokes. If the hacker desires, he can just as easily send his own commands to the receivers connected to the user’s computer. Speaking about the poor security incorporated within the wireless keyboards by well-known brands, Bastille researcher Marc Newline said the following.
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product. Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack.”
What’s concerning is that data continues to flow between the wireless keyboard and the USB dongle, continued Newlin.
“Even if the user is not at their computer or typing on their keyboard the USB dongle is constantly transmitting data wirelessly. That makes it easy for an attacker to survey a building, room or area and quickly identify all these keyboards that are vulnerable to this type of attack.”
Is your wireless keyboard susceptible to snooping? Logitech keyboard users are said to be safe since the company incorporates stringent security protocols to render the hack useless. Additionally, users of wireless keyboards that rely on Bluetooth connectivity and not the USB dongle that many manufacturers usually bundle with their products, can continue to type away in peace, reports Wired.
Note: Users of wireless keyboards are advised to check out the list of affected devices here.
[Photo by Peter Dazeley/Getty Images]