sb-au logo
Story image

Careful with your fingers: Hackers can steal everything you type

05 Aug 2016

In these modern digital times, people are gradually learning to not trust anything. Take Mark Zuckerberg for example, who caused a fuss recently when it was revealed he has a strip of tape over the webcam on his computer.

Well now you can add the seemingly trust-worthy keyboard and mouse to that list. Earlier this year, security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. Now, the same researchers have extended the extent of the attack to millions more devices. What’s more, they not only inject keystrokes, but they can also read yours too.

Bastille’s research team recently revealed a new set of wireless keyboard attacks that they’re calling Keysniffer. The technique essentially allows any hacker with a $12 radio device to intercept the connection between wireless keyboards and a computer from over 75 metres away.

"When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product," says Marc Newlin, the Bastille researcher who discovered the vulnerability. "Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack."

According to Bastille, the main reason behind the problem is that most connections between computers and the identified keyboards don’t use encryption (unlike more expensive models). This leaves them vulnerable to a hacker with special equipment that certainly won’t break the bank.

However, Bastille affirms the issue doesn’t affect Bluetooth keyboards because they are subject to industry standards that require stronger security measures.

Moral of the story? While it remains unclear if any of the keyboard makers intend to offer refunds or replacements to customers with vulnerable models, Bastille recommends replacing the dongled wireless keyboards with Bluetooth or wired versions.

Story image
75% of IT execs 'worried' about being targeted in cyber-attack
A new report from ConnectWise has shed light on the widespread concern about cyber-attacks, with 91% of SMB executives considering a move to an MSP if it provided the 'right' solution.More
Story image
Is cyber deception the latest SOC 'game changer'?
Cyber deception reduces data breach costs by more than 51% and Security Operations Centre (SOC) inefficiencies by 32%, according to a new research report by Attivo Networks and Kevin Fiscus of Deceptive Defense.More
Story image
Research: 61% of companies have suffered an insider attack in last 12 months
It comes as rapid migration to cloud and remote working and BYOD scenarios leave organisations increasingly vulnerable to insider attacks as a result of the upheaval caused by the COVID-19 pandemic.More
Story image
Zero trust is the way to secure the distributed workforce - Empired
Existing security solutions need to evolve to accommodate the new remote workforce.More
Story image
Fortinet’s ‘zero trust’ approach redefining security
Cornelius Mare, Fortinet A/NZ Director, Security Solutions, explains why taking a ‘zero trust network access’ approach to cybersecurity requires fully-integrated and comprehensive security services and policies.More
Story image
Malware and email scams targeting employees spread rapidly in Q2
"Businesses must stay alert and should employ defense-in-depth tactics and equip themselves with multilayered security mechanisms, including high-sensor spam filters and a VPN connection, which would prevent malicious pages from opening."More