In these modern digital times, people are gradually learning to not trust anything. Take Mark Zuckerberg for example, who caused a fuss recently when it was revealed he has a strip of tape over the webcam on his computer.
Well now you can add the seemingly trust-worthy keyboard and mouse to that list. Earlier this year, security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. Now, the same researchers have extended the extent of the attack to millions more devices. What’s more, they not only inject keystrokes, but they can also read yours too.
Bastille’s research team recently revealed a new set of wireless keyboard attacks that they’re calling Keysniffer. The technique essentially allows any hacker with a $12 radio device to intercept the connection between wireless keyboards and a computer from over 75 metres away.
"When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product," says Marc Newlin, the Bastille researcher who discovered the vulnerability. "Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack."
According to Bastille, the main reason behind the problem is that most connections between computers and the identified keyboards don’t use encryption (unlike more expensive models). This leaves them vulnerable to a hacker with special equipment that certainly won’t break the bank.
However, Bastille affirms the issue doesn’t affect Bluetooth keyboards because they are subject to industry standards that require stronger security measures.
Moral of the story? While it remains unclear if any of the keyboard makers intend to offer refunds or replacements to customers with vulnerable models, Bastille recommends replacing the dongled wireless keyboards with Bluetooth or wired versions.