Story image

Careful with your fingers: Hackers can steal everything you type

05 Aug 2016

In these modern digital times, people are gradually learning to not trust anything. Take Mark Zuckerberg for example, who caused a fuss recently when it was revealed he has a strip of tape over the webcam on his computer.

Well now you can add the seemingly trust-worthy keyboard and mouse to that list. Earlier this year, security firm Bastille found that millions of cheap keyboard and mouse dongles let hackers inject keystrokes onto your machine from hundreds of yards away. Now, the same researchers have extended the extent of the attack to millions more devices. What’s more, they not only inject keystrokes, but they can also read yours too.

Bastille’s research team recently revealed a new set of wireless keyboard attacks that they’re calling Keysniffer. The technique essentially allows any hacker with a $12 radio device to intercept the connection between wireless keyboards and a computer from over 75 metres away.

"When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product," says Marc Newlin, the Bastille researcher who discovered the vulnerability. "Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack."

According to Bastille, the main reason behind the problem is that most connections between computers and the identified keyboards don’t use encryption (unlike more expensive models). This leaves them vulnerable to a hacker with special equipment that certainly won’t break the bank.

However, Bastille affirms the issue doesn’t affect Bluetooth keyboards because they are subject to industry standards that require stronger security measures.

Moral of the story? While it remains unclear if any of the keyboard makers intend to offer refunds or replacements to customers with vulnerable models, Bastille recommends replacing the dongled wireless keyboards with Bluetooth or wired versions.

SecOps: Clear opportunities for powerful collaboration
If there’s one thing security and IT ops professionals should do this year, the words ‘team up’ should be top priority.
Interview: Culture and cloud - the battle for cybersecurity
ESET CTO Juraj Malcho talks about the importance of culture in a cybersecurity strategy and the challenges and benefits of a world in the cloud.
Enterprise cloud deployments being exploited by cybercriminals
A new report has revealed a concerning number of enterprises still believe security is the responsibility of the cloud service provider.
Ping Identity Platform updated with new CX and IT automation
The new versions improve the user and administrative experience, while also aiming to meet enterprise needs to operate quickly and purposefully.
Venafi and nCipher Security partner on machine identity protection
Cryptographic keys serve as machine identities and are the foundation of enterprise information technology systems.
Machine learning is a tool and the bad guys are using it
KPMG NZ’s CIO and ESET’s CTO spoke at a recent cybersecurity conference about how machine learning and data analytics are not to be feared, but used.
Seagate: Data trends, opportunities, and challenges at the edge
The development of edge technology and the rise of big data have brought many opportunities for data infrastructure companies to the fore.
Popular Android apps track users and violate Google's policies
Google has reportedly taken action against some of the violators.