For those of our readers who use a wireless keyboard, we have some serious news for you – your keyboard is giving away your keystrokes. And now that we have your attention, you must be wondering how in the heck can someone do that. Well, it is fairly simple: Get a good quality antenna (preferably with a good coverage), a dongle device and a few lines of Python language coding, and any hacker can access all your keystrokes literally, from them sitting in a van parked outside your house. Whenever you type login credentials, your credit card number and its CCV code, your facebook messages, they can access them.
This attack, as easy as it sounds, can’t be easily patched because of the vulnerability in cheap wireless keyboards used almost everywhere.
And here is how it works. Firstly, most wireless keyboards use standard or untested wireless protocols that connect them to a PC, or the hardware connected to the PC. However, unlike Bluetooth, which is a recognized standard wireless system – that has been researched and tested -these keyboards are continuously sending radio signals, making them vulnerable from a limited distance – that is, with the proper hardware. Because most wireless keyboard companies don’t spend money on security and encryption, they can be read on the hackers system; the hacker can also send instructions to the target’s system because the unprotected keyboard is sending off continual signals, making it vulnerable. This attack is so easy, almost anyone with the basic understanding of programming can do it, from hackers to script kiddies.
Bastille, the security research company that found this flaw, states they were stunned at discovering such a simple flaw in the system. According to the firm, and as explained above, the attacker can ‘sniff’ whatever the target is typing, giving them the ability to inject their own keystrokes on the victim’s machine. The company went on to say that this isn’t just about generic cheap keyboards, but reputable companies such as Toshiba, Kensington, and HP (almost all major companies) are at risk from this vulnerability. This leaves millions of people using unsecured, unencrypted, easily hackable keyboards. Furthermore, currently, there is no fix for it.
However, the security company, back in 2010, also found a flaw in a wireless mouse system, which enabled hackers to take control of a users wireless mouse and during the same time, it was known that a few wireless keyboards could be hijacked. With that said, the security company stated their research was performed to tell the companies about their unsafe products, and that the users must be given protected equipment.
The organization also states that many companies have no idea about this flaw; with many of those companies making unsecured wireless keyboards have not yet responded to them.
It would be an absolute lie to state all wireless keyboards are prone to this attack – a few wireless keyboards do come with a built-in encryption system, but, they are pricey compared to your average wireless keyboard. However, at the moment the cheapest and best fix for this flaw is to buy yourself a wired keyboard and a wired mouse.
If you want to read a more detailed article about this vulnerability, visit Wired.
You want to support Anonymous Independent & Investigative News? Please, follow us on Twitter: Follow @AnonymousNewsHQ
This article (Your Wireless Keyboard is Sending Your Keystrokes to a Hacker) is a free and open source. You have permission to republish this article under a Creative Commons license with attribution to the author and AnonHQ.com.