It turns out that cheap wireless keyboards and mouse dongles aren’t very secure: they can easily be hacked because their data is transmitted over an unencrypted radio link.
Researchers from Bastille Networks have shown that wireless keyboards are susceptible to an attack called Keysniffer. The wireless keyboards are so insecure that it is possible not only to inject keystrokes but also to record what a particular victim is typing, much like the old keyloggers did. The surprising bit is that almost all the keyboards the researchers examined suffered from the flaw, because they do not encrypt the data they transmit.
The vulnerability allows malicious users to sniff and inject keystrokes from as far as 250 yards away, and the worst part is that the attackers don’t even need expensive equipment to carry out the attack. As described by Marc Newlin of Bastille Research, Keysniffer is a set of security vulnerabilities that affect non-Bluetooth wireless keyboards from eight vendors.
The researchers say that these eight vendors are Anker, EagleTec, General Electric, HP, Insignia, Kensington, Radio Shack and Toshiba. They add that all the vulnerable keyboards operate in the 2.4GHz ISM band using GFSK modulation. The manufacturers of these keyboards don’t encrypt the keystroke data before it is sent to the wireless USB dongle. This lack of encryption allows attackers to eavesdrop on a target’s typing and even to transmit their own malicious keystrokes.
With keystroke sniffing, attackers gain access to email addresses, usernames, passwords, credit card information and other sensitive information. While wireless keyboards have long been susceptible to keystroke sniffing, the ones affected by Keysniffer can be attacked even when the user is not typing or is not anywhere near the keyboard.
Is there a way to mitigate this vulnerability? The security researchers at Bastille Networks say there is no way to protect these keyboards, since they don’t support firmware updates. The only way to protect oneself from eavesdropping is to switch to a wired or Bluetooth keyboard.