Story image

Careful with your fingers: Hackers can steal everything you type

05 Aug 16

In these modern digital times, people are gradually learning to not trust anything. Take Mark Zuckerberg for example, who caused a fuss recently when it was revealed he has a strip of tape over the webcam on his computer.

Well now you can add the seemingly trust-worthy keyboard and mouse to that list. Earlier this year, security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. Now, the same researchers have extended the extent of the attack to millions more devices. What’s more, they not only inject keystrokes, but they can also read yours too.

Bastille’s research team recently revealed a new set of wireless keyboard attacks that they’re calling Keysniffer. The technique essentially allows any hacker with a $12 radio device to intercept the connection between wireless keyboards and a computer from over 75 metres away.

"When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product," says Marc Newlin, the Bastille researcher who discovered the vulnerability. "Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack."

According to Bastille, the main reason behind the problem is that most connections between computers and the identified keyboards don’t use encryption (unlike more expensive models). This leaves them vulnerable to a hacker with special equipment that certainly won’t break the bank.

However, Bastille affirms the issue doesn’t affect Bluetooth keyboards because they are subject to industry standards that require stronger security measures.

Moral of the story? While it remains unclear if any of the keyboard makers intend to offer refunds or replacements to customers with vulnerable models, Bastille recommends replacing the dongled wireless keyboards with Bluetooth or wired versions.

Ransomware infection? Here’s how you control the damage
Ransomware has evolved to be more sophisticated and targeted, and remains a threat to businesses of all sizes.
Exclusive: Fileless malware driving uptake of behavioural analytics
Fileless malware often finds its way into organisations via web browsers (or in combination with other vectors such as infected USB drives).
'DerpTrolling’ faces jail time for Sony DoS attacks
A United States federal court has charged a 23-year-old man for the hacks on Sony Online Entertainment and other major companies back in 2014.
It's time to rethink your back-up and recovery strategy
"It is becoming apparent that legacy approaches to backup and recovery may no longer be sufficient for most organisations."
Dropbox strengthens security with raft of new partnerships
Integrations will keep customer content protected and secure with tools for controlling identity access, governing data, and managing devices.
Companies swamped by critical vulnerabilities – Tenable
Research has found enterprises identify 870 unique vulnerabilities on internal systems every day, on average, with over 100 of them being critical.
Don’t let your network outgrow your IT team
"IT professionals spend less than half of their time at work optimising their networks and beefing it up against future security threats."
Three access management trends making waves in APAC
Consumer identity proofing, authentication, and authorisation will top the $37 billion value mark by 2023.