Security - Logitech Wireless Mice & Keyboards Can Be Sniffed

Brock Tellier writes "The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false. According to a recent security report about Logitech wireless mice and keyboards, an attacker can sit a hundred feet or more from your computer and 'sniff' the data from your keyboard and mouse. Scary." Scary indeed! Having just purchased one of these, and finding them immensely conveinient such news is disheartening. Are there easy ways in which Logitech might be able harden any new models against this? How difficult are these things to sniff, and what kind of hardware would one need to do so? Obvious security tip: if you have these keyboards attached to machines that may access secure data, consider moving them back to the wired standbys until a more secure wireless options present itself.

Re:Tempest

The BBC did a demo of this years ago. The tape was banned under the 'Official Secrets Act' or some equivalent. I saw it at CISSP training in 1999; I have no idea how to get ahold of a copy.

Re:How much could be learned...

Combining information from a cordless mouse with that of the cordless keyboard would be useful. It would help delineate the keyboard data by associating a mouse move/click before or after some keyboard input. For example:
[mousemove][click]Anonymous Coward
[TAB] *or* [mousemove][click]mypassword
[TAB] *or* [mousemove][click]Re:How much could be learned...
[TAB] *or* [mousemove][click]blah

would be the sequence of events, no timing needed, to understand the data from me filling out the form to write this message. Otherwise the data from the keyboard is a little more difficult to decypher (remember though, this is a *very* basic example. It makes more sense to apply it to a more complicated case.).
Anonymous CowardmypasswordHow much could be learned...blah

Re: RAM/EEPROM

Actually, you can't rely on EEPROM zerioized in reasonable time, so security-conscious manufacturers keep EEPROM contents encrypted under a key that's in battery-backed RAM, which gets cleared if there's an attempt to access the box in an unauthorized way. Which makes the EEPROM contents useless after zeroization. Properly hacked SRAM drops to zero "fast enough". BTW one should make sure temperature stays reasonable for the RAM; CMOS cooled down can retain even static RAM contents long enough for probing/copying.

For the records, I do hardware design on circuitry in one of these things. More details about tamperproofing requirements in FIPS-140 under csrc.nist.gov (mostly legalese) and at www.cl.cam.ac.uk under Ross Anderson's group (pretty technical). Peter Gutmann's classic article on data remanence is a good read if you worry about such things.

TEMPEST?

You know, part of the reason the very existence of TEMPEST was classified for so long was that: a) it worked, and b) no one knew about it. That time has passed; why is this "news"?

Re:TEMPEST?

[Nonac]

The big difference between this and TEMPTEST is the hundreds of thousands of dollars worth of equipment a TEMPTEST attack takes.

I couldn't link to the article, but I'll bet that the Logitech wireless attack can be done on a much smaller budget.

Because of its nature, TEMPEST attacks are limited to those who have vast resources and a strong desire to get specific information. If the Logitech attack can be carried out with $200 worth of equipment, it is much more likely that a small time cracker will use it to sniff passwords.

Another key difference is the price of defending against a TEMPEST attack. It generally costs more than the computer system to shield it against TEMPEST attacks. With this attack, it only costs $20 for a cheap keyboard and mouse to defend against it.

Re:TEMPEST?

[rifter]

IIRC, When I read about similar methods during the 80's, execution required a few hundred dollars of equipment from the local Radio Shack. the cost mainly depends on how far away the "victim" is and how accurately you need to reproduce what they see. You are correct about the shielding issues, though..

Re:Tempest

It basically is a room which is a gaussian sphere

I believe the term is "Faraday cage".

The Pessimist View?

[drdink]

I hate to be the pessimist here, but I think it is quite obvious that mostly anything, if not everything, can be sniffed. It is especially easy to sniff wireless communications. Just look at older cellular and portable phones. They are cake to sniff. You expect some semi-cheap mouse and keyboard you buy from Logitech to employ the latest in anti-sniff technology?

Re:I sniffed my mouse...

[Micah]

Either that or get a gerbil. I had mice and gerbils as a kid and you wouldn't believe how much cleaner gerbils are.

Usefulness of sniffing mice

[Micah]

ok... so you're sniffing someone's cordless mouse.

"moving up a bit... left click... moving right a bit... moving down a bit.... right click... moving left a lot and up a bit. silence... moving down a lot, a little to the left... right click... moving up a bit...."

What exactly could you do with that info?

Re:Usefulness of sniffing mice

[Arlet]

Some programs require the user to move the mouse around in order to generate "random" numbers that will be used to create a private key.

Re:DUH

[hank]

I'd hope one wouldn't buy any product that says "Strong Encryption" on the box and 'honestly think' it was secure.

Re:DUH

[rodgerd]

Lots of people don't understand these things, and tend to get mislead by bad marketing.

For example, there's an outfit which sells set top boxes for digital TV called Open; these boxes are used by outfits in the UK to provide their "like the Internet, only a not" offerings. Including Internet banking with a number of the UK's leading online banks.

Customers are assured that Open use s00per-s3kr3t encryption between the set top box and the host system to secure your banking experiance, which is true. What Open don't tell consumers is that their IR controller/keyboards run with no encryption and have a 50 foot range, so anyone with an IR reciever and a little work could be merrily sniff you logins, passwords, and so forth.

Oops.

There's a lot of work to be done on educating Joe and Jane Average about these things.

Re:Just shows how important key management is

[CaseyB]

It's amazing how many ways the Honda Civic could have been done right, but is still wrong. For instance, the car could have 2 inch steel armour completely encasing the body, bulletproof glass, solid rubber run-flat tires, and a 500 HP engine and high-performance suspension to compensate for the increased weight. Or they could have added a jet-assisted thrust system to allow drivers to escape dangerous situations at 300 MPH. Or they could have outfitted the car with wings, so that it could simply fly away from would-be attackers.

But no, Honda had to make something that "works" but gives people no security.

Method 101

[narrowhouse]

There are a thousand ways that "some people" can sniff what you do. I have heard rumors of government technology that can get some data about what you are typing by tapping your electrical lines, or even fron the sound of your typing, devices that can recreate the image on a CRT from across the street. It all sounds like "Enemy of the State" paranoia until you find out it is real (Echelon anyone?). Security is an illusion unless you take very STRONG precautions. A fact of life, not that I haven't thought about distributing a one time code pad to a few choice friends just in case:) Be VERY careful about the physical security of your machine of get used it.


Insert pithy comment here.

If they can read it, They can write it.

[mgrennan]

Ok I own one of these things too. They are nice. But as a amature radio guy I can know this was posible a long time ago.

The part the disterbs me is the fact they can write to your keyboard reciver. Just stay logged in, walk way, and I can enter a rm /* for you or maybey a scp -r mark@myserver.com:/stuff /root/*.

Anyone know where most people keep their GNU-CASH data directory?

Just joking.

mark

Re:tip of the iceberg

[mikl]

> MOst consumer grade products aren't shielded
> nearly enough, because, obviously, that would
> drive the price up for a benefit most people
> wouldn't even be aware of..

...nor would it really help them. Seriously, I doubt it really matters to my grandmother if someone "sniffs" her monitor and sees her reading her email and browsing genealogy sites!

Face it, the average person who is using a wireless keyboard is NOT going to be doing anything that significantly matters in the realm of privacy or security. If you are THAT paranoid, surely you knew LONG, LONG ago that wireless kb/mouse was a bad idea.

-Michael
Shameless plug: http://www.miklm.com/resume.html

An option to secure the transmissions

[psychosis]

You could always take the character key, base-64 it, and XOR the bit string....
oh, wait a minute... you might get sued for that marvel of technical prowess!

Re:Cordless Logitech trackballs

[mabs]

I want one for my laptop, trackpads and cables are so limited and annoying, and of course, if you pc _is_ the DVD player...

Use a secure socket to your mouse/keyboard

[mvw]

one easy way to make a pretty secure connection would be to make little enigma-esque scrambler wheels on the keyboard and base station. since the number of intercepted characters is probably low, your key length doesn't have to be outrageous to provide some security.

There is really no big difference between sniffing a telnet session with bpf and sniffing an optical or radio connected mouse or keyboard.

One solution for the telnet case was the use of encrypted channels, via the secure socket layer (SSL) and a changed protocol/tool (ssh).

It is obvious that a similiar method has to be used for the mouse/keyboard case.

So install sshd on your peripherials and be happy :-)

Re:Just shows how important key management is

[stripes]

Logitech could have put in good encryption, and talked up the weakness of their competitors. One press release per weak about how your competitors are betraying the public can drum up a lot of business.

Are there any competitors in that space (RF keyboards)? I'm not exactly in the market for a wireless keyboard, and if I were it's likely that IR would do it for me.

Also as I said before, mentioning security will remind people that they have no idea if it is secure. After all anything claiming to be secure in the past seems to have had later announcements about how it's not exactly as secure as first claimed... (and no, not everything does, but it happens enough that I expect lots of folks have that impression)

Wrong. Lots of work has been done to stuff good encryption in tiny CPUs. Think smart cards. In particular, ciphers that use multiple LFSRs require miniscule amounts of silicon.

Ok, if they spin their own silicon they might be able to do it, I don't own one of those things, so I can't check to see if it is all off the shelf parts, or has any custom ICs, or even FPGAs. I'm assuming these small area designs have been openly published and withstood attack? Or are small area designs of real cyphers...

Yeah, running a wire between them for a moment when it's first installed is *so* hard...

Sure. First it costs money to put the wire there. Then it costs money if people screw it up, or think they did and call the 800 number. You need long term storage to hold the key (FLASH, NVRAM, whatever), and if it is battery backed you will need that cable again in a few years, or there is another 800 call.

WEP was designed by a microcephalic crack-smoking monkey.

And you think Logitech has a shortage of crack smoking monkeys?

It is poor entirely because it's designers had essentially no understanding of cryptosystem design, and they didn't bother to have it reviewed by experts.

The documents were out for public and private review for many many months. Experts did have at it. It at least got changed from a clearly worthless 4-bit key to something that looks valuable (but isn't).

Yes, price isn't why WEP sucks, but I think price is why WEP was at least attempted.

Re:Just shows how important key management is

[stripes]

It's amazing how many ways this could have been done right, and it is still wrong.

Not really. Anything that increases the cost has to increase sales. Will the lack of a checkbox that says "uses random crypto thingie so it must be safe" lose some sales? Maybe. Some people clearly wouldn't buy it because of that. Then again some people would see that and be reminded that it is a problem, and not want it. Some people will see it and demand that they know how it works so they can be convinced it is secure. And above all, it is going to drive prices up. You won't be able to shoehorn much encryption into the tiny CPU that decides keystrokes and drives a little RF and emulates the original keyboard controller.

Plus it is hard to imagine anything simple that works out of the box, unless you key the base station to the keyboard from the factory. Otherwise you could have a man in the middle attack (which would be harder then the existing attack, but still...)

I mean look at the problems 802.11's WEP has, and it is on a $100 and up device!

Not to be offensive...

[mhkohne]

But, (how can I say this delicately...Oh, I can't) DUHHHH! A $79 device is NOT, in all likelyhood, going to have particularly wonderous encryption built in. For 99% of the population, this is NOT an issue, I mean, who's going to bother with sniffing your keyboard when they can probably more easily get what they are after? For those it does matter for, I suspect they are already the paranoid types anyway, and wouldn't have touched these things with a 10 foot pole to begin with.

Basically, my point is: This is not news worthy or even slightly surprising.

Get the adage right :)

[smooge]

> The old adage 'The only safe computer is locked
> in a room and unplugged from the Internet'
> proves false. According to a recent security
> report about Logitech wireless mice and
> keyboards, an attacker can sit a hundred feet
> or more from your computer and 'sniff' the data
> from your keyboard and mouse. Scary."

Actually the adage is
'The only safe computer is locked in a bunker, unplugged from the power grid, and turned off. And then it is questionable. Safer still is just to slag the whole thing down to its random bits.

stucco houses look better every day

[bcboy]

there's nothing like a wire mesh wall for blocking rf.... though you do have to mount an antenna if you want to listen to the radio

Assuming it matters

[maggard]

First off this is *news*? Did anyone expect a wireless mouse or kb to encrypt? While it's likely possible to do some sort of encryption between the transmitter & the reciever I don't see how keys would easily be synchronized.

Furthermore devices like this invariably end up stepping on each other's toes. They're fine if you're the only user in the building but when the secretary upstairs gets one you end up getting who-gets-the-bandwidth glitches or worse yet finding thier mousing on your screen (or "Iieeeeyyhahh - my cursor is posessed!")

Of course one key thing to ask yourself is if you care that someone could decode your mouse or kb.

In the office as I noted these things are of limited utility, at least if you're in a geek-dense area. At home the question is how many folks are in range and how many could possibly care.

In my neighborhood the average age is 60-something and of a definite non-technical bent. Frankly I doubt there's so much as an active ham in the neighborhood much less anyone with enough geek-tendencies to scan, identify, then decode my mouse or keyboard.

The same with the odds of there being another comperable device - I can count the cable-modem users by looking at the wires and there are 4 of us in two blocks (and from sniffing I know I'm 90% of the traffic.)

Yeah unsecured wireless devices aren't a good thing to use in a secure environment, but again, that's *news?

News Flash

[geek]

This just in, pressing ear to glass on computer room door allows attacker to hear your key strokes!! Glass and door manufacturers are working on a patch and PR is looking for feedback on how glasses and doors can be reworked to allow for a greater degree of security. We will keep you updated hourly until this has come to a resolution.

Re:Tempest

[Switchback]

Not true. Many people incorrectly refer to the sniffing of electromagnetic signals as 'TEMPEST attacks'. While it is certainly convenient to use this term, TEMPEST actually deals with the prevention of such signals, not the gathering of them.

As for only reading monitors, you are quite mistaken. TEMPEST covers the entire electromagnetic spectrum. If you've ever seen TEMPEST equipment, everything is 'shielded', not just the monitor. Electromagnetic sniffing can be applied to any electronic device, not just computers. Monitors are probably the easiest for people to think of because it's information they're seeing. But sniffing the monitor does you no good for gather passwords, because they either don't show up on the screen or are some other character. But sniffing the keyboard will certainly give you this info.

Of course!

[juuri]

What retard didn't know this when they purchased such equipement? The same ones that have never used a learning remote?

How the hell does this warrant a front page story.

Slashdot, news for people who can't think or figure anything out for themselves.

Re:Of course!

[ucblockhead]

The same people who buy things with credit cards using portable phones.

The flip side...

[unicorn]

Maximum PC had an article about PC Pranks last week. And they drove one editor nuts by hooking a cordless mouse to his system as the primary pointing device, and driving his machine from across the room.

Re:The flip side...

[MattGWU]

Ah yes....plugging keyboards into boxes but setting them infront of different computers in the Mac labs back in high school. Sweet memories...sweet, juicy memories.

Re:DUH

[Cato]

Fortunately, Open is such a lame service that not many people will use it. The shopping sites are a small subset of what you can find on the Net, and you have to go online continually just to compose an email.

Most amusingly, the IR-based protocol between keyboard and set top box has no error recovery, so it's very easy to just type too fast and have it *lose characters*. Brilliant engineering...

Re:Just shows how important key management is

[kraig]

It's not like Logitech has done any great wrong to the buying public here. If your common sense doesn't twig at "wireless keyboard... hmm, MAYBE THIS COULD BE A SECURITY RISK!" then you don't deserve to be running any computers with sensitive data on them anyway.

This issue is nowhere near as big as some would have it, IMO.

Personally, I don't like the wireless mice/keyboards anyway.

So what?

[Vskye]

"an attacker can sit a hundred feet or more from your computer and 'sniff' the data from your keyboard and mouse. Scary."

So you wander outside and beat anyone within one hundred feet. Complications? None.;-) Poof!

Old news. Want to sniff? Just buy another keyboard

[EJB]

This is really old news. Sniffing a logitech wireless keyboard is terribly simple; you know the company in the office nextdoors has one?
The follow these steps:
* buy the same type of logitech keyboard
* check if they're running windoze or linux
* depending one above check, repeat:
- press 'adjust frequency' button on logitech
appliance
- for windoze, press ALT-F4 a few times
- for unixen, type "rm -rf /" a few times
- check for screams
- if you hear screams, stop repeating these steps (or not :)

Erwin

Re:DUH

[AviN]

Yes you do. AFAIK, with debit cards, the seller doesn't get paid until 90 days after the purchase. So if you report fraud within that period, you're safe.

Re:Wireless == sniffable

[Kris_J]

P.S. Did anyone else think Bluetooth?

Yeah, as the solution. While a Bluetooth communication can be detected, sniffing it is much harder than Logitech's unencrypted wireless desktop protocol.

I wish Logitech would hurry up and release a Bluetooth wireless mouse, because every time I try to use my new Ericsson cordless headset near my PC the mouse stops working...

--

anything can be sniffed if you're close enough

[crovira]

but sniff my crotch and I'll bitch-slap your sorry face.

Surprised?

[Ageless]

This is a surprise?
Hey! Guess what, that fancy remote control you use for your TV at home can be sniffed too! THEY CAN TELL WHAT YOU ARE WATCHING!
Also! Those walkie talkies you use to talk to your buddies can be sniffed! THEY KNOW WHAT YOU ARE SAYING!
Hey! This comment isn't encrypted! In fact, most of the Internet isn't encrypted! THEY CAN READ WHAT Yjk2#@!

Re:Surprised?

[Ageless]

Damn. Chopped off my [NO CARRIER]. Oh well.

Re:Surprised?

[Ageless]

I am going to go ahead and take this into the realm of the far fetched but... With a little bit of habit watching you could find a calibration point.
First, you can take out any channels that home may or may not receive. It's going to be obvious that the person isn't watching channel 6 for 3 hours at a time if it's static.
Next, watch how long they watch a channel. Do they watch a certain channel for 2 hours and 10 minutes and was there just a movie on that was 2 hours and 10 minutes or so? Good starting point.
Anyway, cryptographers perform much more complicated miracles breaking ciphers. It's not too hard... :)

Duh

[Ouroboro]

All I can really say is, well duh. Who would have thought that a device that sends unencrypted signals out willy nilly would be vulnerable to sniffing.

This should be espescially obvious since we are already worried about people sniffing monitors and ethernet w/out actually being in the circuit.

Re:DUH

[dr_labrat]

It wasn't Tom Clancy's NetForce with Scott Bakula you were watching was it?

Re:DUH

[yomahz]

Of course, in the real world, most of us understand that little things like 'keyboard snooping' and 'phone tapping' are seriously un-important. I'm much more concerned about the real threats like Unlawful Search and Seizure than I am about someone knowing my password for /. or MP3.Com. Who the h377 cares?


Of course, in the real world, most of us have more important things to worry about than credit cards or mp3.com passwords. It would be just great if the twirp on the other side of the wall from me grabbed my Oracle passw'd and decided to go in and give himself a raise. I would just love it if if someone snooped my root passwd to our database server and deleted everything and puta rootkit in place. I just love restoring from backup all night long. You know what would be really cool? If someone where to catch my workstations shell account passwd and decide to go hack on fbi.gov. The list goes on and on..

But then again, I agree w/ the 1st post. I wouldn't have one to begin with. I can't relate to where you coming from. Then again, maybe I don't live in the real world.

Re:DUH

[yomahz]

Don't bother to wear a flak jacket to the can.


You've obviously never seen the toilet bomb scene from Leathal Weapon (2?).

Re:DUH

[Dwonis]

What about your (now legally binding) PGP passphrase?
------

Re:DUH

[Dwonis]

A screw driver and a soldering iron will fix that.
------

Re:DUH

[donutello]

I think they keyword there was him mentioning that it happened in the pre-e-everything days. Until a few years ago, if your credit card was stolen you had a maximum liability of $50. A couple of years ago, Visa decided to waive that liability and all the other major credit card providers decided to follow suit.

Re:DUH

[zpengo]

actually, i got all of it back when that happened to me.

Re:DUH

[John+Miles]

No, actually, Van Eck sniffing is NOT "easy." It takes thousands of dollars' worth of exotic equipment, and is nowhere near as foolproof as the media suggests. (And how many servers display passwords on the screen when you log onto them?)

Wireless keyboard sniffing is MUCH cheaper and MUCH more damaging than TEMPEST vulnerabilities could ever be.

Re:DUH

[mindsweeper]

> I had someone run my card to the limit, and the company just charged me my insurance co-pay. Bango, no problem.

If someone uses your debit card like that, you don't get a single cent back. Just a warning.

--M

Re:DUH

[AaronStJ]

I had someone run my card to the limit, and the company just charged me my insurance co-pay. Bango, no problem.

No problem for you. Someone has to suck up the theft, and IIRC, it's the store, not the redit card company. Just because you don't have a direct personal interest in keeping your credit card number private doesn't mean it's not important. Indirectly, you end up paying more beause stores have to make a larger to profit to soak up theft.

Re:DUH

[WinterSolstice]

I'd never use one of those. I even switched to an HMD to avoid my screen be visible from the next room. I also put my computer into a room 6 meters underground, then sealed the entrance. I bought temperature/moisture/pressure sensors for the floor tiles, removed the air ducts (so there, Mission Impossible!), re-install NetBSD nightly to avoid any files being saved, and put EMF filters on my mouse and keyboard cables. I have my own air generator, and a lifetime supply of Spaghetti-O's.

Of course, in the real world, most of us understand that little things like 'keyboard snooping' and 'phone tapping' are seriously un-important. I'm much more concerned about the real threats like Unlawful Search and Seizure than I am about someone knowing my password for /. or MP3.Com. Who the h377 cares?

Do you actually think it matters if someone uses your credit card fraudulently? Nope. Happened to me already, before everything was 'e' something. I had someone run my card to the limit, and the company just charged me my insurance co-pay. Bango, no problem.

Life is just one big exercise in risk-management. Learn what things matter, and what things don't. Protect yourself where it matters. Don't bother to wear a flak jacket to the can.

-WS

Re:DUH

[The+Monster]

That's OK. All you need to do is plug your wireless keyboard into a Cue Cat and let its Very Strong Encryption befuddle the snoops!

Re:DUH

[funwithBSD]

Dammit, I AM your sysadmin, and if I see one of these things on your desk, your password will be OPIE'd, with keywords in Sanskrit...

But you can keep the one at home. =}
Just a warning from your favorite BOFH.

Re:DUH

[H1r0Pr0tag0n1st]

Um, Actually you do, or at least you should. if it has a Credit card function the HAVE to.

Re:DUH

[Slashdot+Editors]

Well, is encryption really necessary here? What about the spread spectrum technology in 2.4 ghz cordless phones?

Re:DUH

[jasonwest19]

If you could go head and post your credit card number and info, Ill do a little fraudulent shopping, send you a gift for your troubles, and buy myself a few birthday gifts. You can claim deniablity, and pay the co-pay.

Thanks a bunch.

Scary my ass!

[uradu]

If you buy peripherals that broadcast their data through the air, what the hell do you expect?! We take it as a given that true security with 802.11b even using encryption is an iffy thing, despite using pretty heavy duty hardware, and yet we're floored when a cheap input device with nary more horsepower than a CD player is insecure? Perhaps we should come up with a public key protocol for mice and keyboards? Given the required horsepower, we could then also use them as co-processors, offloading all those Quake computations on the mouse and keyboard. Hmm...

Re:Somebody PLEASE spy on me!!!

[dwlemon]

lol! no mod points, so i'll reply:

I always think the same thing when it comes to security: "People want to look at MY files? Cool!"

Re:Hmmm... Only 6ft range??

[RAruler]

Take in mind, these are people that design sattalites to read license plate numbers. The pussy ass reciever logitech gives you, doesn't compare to a van full of High-Tech equipment. You could always swap out the components in the reciever/keyboard and make a better system yourself. But, using a keyboard from 10Ft away sucks, unless you have like a nice giant screen.

---

Re:Updated cliche version 1.02

[jonbrewer]

and powered by batteries.

Re:Hmmm... Only 6ft range??

[Jethro]

Actually, I had a bunch of Logitech wireless mice. At home I couldn't get them to work more than 10' from the base station, but I tried one out at work before taking it home, and it worked from WAY the hell over at the other side of the building.

So I guess it depends on where you are.

Plus they probably have a better receiver than you.


--

paranoia

[krb]

If you're that paranoid coat the inside of your room with foil... nice big faraday cage. No EM fields can penetrate. have a nice day.

-k

i don't think so

[kaisyain]

If they stores can charge $X for something they will charge $X for it.

Unless you are seriously trying to suggest that businesses intentionally pass up profits unless they "have to" take them?

Re:i don't think so

[bogado]

Or maybe they would say "humm, $900 for a stereo, it must be top of the line. Look it even have a `JDDKFJW system (tm)' and a `Super Zoom Multimedia Bass' it's a bargain" and buy it happily. :-)


--
"take the red pill and you stay in wonderland and I'll show you how deep the rabbit hole goes"

Re:i don't think so

[isaac_akira]

a store's prices are based largely (but not solely) on their own costs. if a stereo costs them $200, and they can sell it for $400 they make a nice $200 profit. but what if that stereo now effectively costs them $300 because for every 3 stereos they sell, one of them is credit fraud and they have to eat the cost? they would have to raise the price to $500 to make the same $200 profit.

the reason they can't raise the price to, say, $900 and make a $600 profit, is that the guy down the street is selling them for $500 too, and everyone would just buy them there. or, if everyone was charging $900, people would just say "fuck it, i don't need that stereo that much" and not buy one.
</basic economics>

Security tip

[sharkey]

Obvious security tip: if you have these keyboards attached to machines that may access secure data, consider moving them back to the wired standbys until a more secure wireless options present itself.

Good idea. I'll zap off right now and get this new keyboard off my IIS E-Commerce server. I sure wouldn't want my customers credit cards to get stolen because of some deviant sitting outside my office and sniffing me.

--

Re:Hmmm... Only 6ft range??

[DiSKiLLeR]

I got one of those logitech cordless keyboard/mice ages ago.

I absolutely loved the mouse (it was my first with wheel -- totally rocks in Q3/UT/etc). But the keyboard always bugged me. The batteries liked to go flat real often (guess i spend too much time on the computer? ;), and it always dropped keys.

Like. I'd type. And every few keys would not appear, or every second key would not appear. I figure its just my fast typing speed, i can easily go beyond 70wpm. Needless to say, this was *incredibly frustrating*. The keyboard was limiting my typing speed; i had to type significantly slower, somewhere around 50wpm. (this is just a guess).

In the end, the batteries died again, i kicked the keyboard and its still sitting somewhere in the corner. I got a good 'ol AT keyboard, plugged in a PS/2 adapter, and thats what i use on my PIII now.

As for the logitech mouse; i got a MS optical one. It plays Quake even better, and the 5 buttons are a *dream*.

Soo......... anyone want a Logitech Cordless Desktop? (wireless keyboard+mouse).

D.

Re:Hmmm... Only 6ft range??

[DiSKiLLeR]

Hrmmm .......

Well, i'm not the only one to have one.

My cousin, and my uncle also got one (they copied me). They all drop keys when typing fast. I think when i type fast i have a habbit of pressing keys at almost the same exact time; a normal keyboard handles this fine, and it all appears normal on the screen. Logitech keyboard doesn't like it.

Batteries. Actually, to clarify, the mice would die after about a month on batteries. The keyboard would last alot longer.

I eventually found out they were bad rechargable batteries, i bought some heavy duty energizer batteries or something, and the mouse lasted 4 months (i think).

But the batteries are expensive, i wanted to get rechargeables cuz i can keep recharging them.

oh well, *shrug*.

D.

Re:Hmmm... Only 6ft range??

[DiSKiLLeR]

Yup, exactly my point.

So i'm not imagining it then :) That is a good thing :)

D.

Re:Hmmm... Only 6ft range??

[DiSKiLLeR]

Ahhh.

Thanks for the explanation.

D.

Re:Common Sense

[SpacePunk]

No offense? Hell, intend as much offense as possible.

What gets me is someone actually did a 'security report' on it. DUH! Ok, next up will be a 'security report' on how shouting down a hall isn't secure.

Solution:

[Fatllama]

Memorize PGP algorithm. Type encrypted.

Hmmm... Only 6ft range??

[HamNRye]

I have a wireless keyboard and mouse, and I can't get them to work more than 4-5 feet away. But they can sniff my signal from across the street. Technology frikkin' sucks.

~Hammy

Re:Hmmm... Only 6ft range??

[HamNRye]

36", that's a nice giant screen.....

I bought a Princeton Arcadia as a Refurb for about $400.00....

If you have any links on how to improve my range I'm all for it.

(I can't even sit withit 6' of my monitor....)

Re:Hmmm... Only 6ft range??

[interiot]

Well, you could always strap a Yagi to your keyboard, but I don't think you'd want to do that...
--

Re:Just shows how important key management is

[cva]

no, at least the logitech ones cannot...

Me Too Post

[_Splat]

Yeah.. it never struck me as something hard to do....

Re:Just shows how important key management is

[Ralph+Wiggam]

"Logitech had to do something that "works" but gives people zero privacy and no security"

Yes, and they did exactly the right thing. Their "job" is to produce products that do what they claim to do and sell them at a price people will pay. They never claim these products are secure in any way. As the above post says, if you bought this product *assuming* it's secure, you're a dumbass and you deserve whatever you get.

-B

Re:Tempest

[Therin]

Jack Ryan was not mentioned by name in Rainbow Six; apparently the messy divorce Mr. Clancy was going through involved intellectual property rights on the name "Jack Ryan", so his novel at the time didn't mention him once by name.

Re:Tempest

[G-funk]

How is that funny? It is called a faraday cage... moderators on crack much?


--Gfunk

How horrible...

[Rombuu]

I mean if a hacker could track my mouse movements he could.. um, he could.. well...

...damn, I can't think of anything. Sounds like a big waste of effort.

Headline US Spies tap USSR Embassy

[The_Moo_Cow]

This reminds me of an old cartoon, where the CIA put a bug in a typewriter. A transcript of the recordings goes something like:

Tap, Tap, Tap, Tap-Tap-Tap, Tap, Tap etc etc

Re:The Adage...

[jonathanclark]

It's not "unplugged from the Internet", it's "unplugged". As in unpowered.

Even then, you are not totally safe. The contents of your RAM are often valid for several seconds to several minutes after you power off. With lower temperatures this can be up to hours. This must be taken into account with high security applications where physical access is possible. For example, tamper-detection circuits must erase RAM as well as EEPROMs when intrusion is detected.

Since PCs don't clear out memory before they power off, your passwords and encryption keys could possibly be stolen from RAM even with the best security precautions taken. Mind you, I haven't heard of anyone actually using this technique, just that it's a possibility.

Re:Duh!

[...+James+...]

what about solvents? assuming you get past the switch, couldn't you just dissolve the epoxy away?

Re:How about your (now legally binding) signature?

[yomahz]

Ooh, better keep people from looking at my signature! If they see it, they might want to forge it elsewhere! There's nothing to keep them from doing that! Oh no!


You obviously have no concept of what a secure business environment is like. PGP sig's on files can be really important when distributing sensitive data/programs to your business partners and co-workers. If someone adds a backdoor or virus into a program that I regluarly distribute w/ my PGP sig, I'm going to have a hell of a lot of explaining to do.... to the security guard as he tosses my ass out the front door.

Re:Wouldn't bother me

[barjam]

You can use the little Character mapper application (that comes with windows) when this happens as well :)

Re:Just shows how important key management is

[.pentai.]

Now you see, there's a problem with your ideas of how they could have done this with transmitters and receivers. These things need to be CHEAP. Keyboards and mice aren't exactly a major expendenture (ok my spelling sucks I'll admit it) for people. They see wireless keyboards, hmm, this one's $29.99, this one's $79.99, which do I get...

If you expect the words "secure" "wireless" and "cheap" in the same sentence, you are asking for far too much from consumer products, I'm afraid. If you want security, keep a regular wired keyboard, if you want convenience this is ok. How many people CARE if people know what they type (random keys are of little use really) and more importantly, how many people are "important enough" for people to get within 100 ft. to sniff them out?

learn the dvorak layout ...

[j1mmy]

even typing on a qwerty-converted-to-dvorak keyboard, the text would still be decipherable, though with some more effort. it might be enough to deter a lazy sniffer.

Enough already

[GoofyBoy]

Really, alot of things are insecure but after trying to be security consious you can't secure everything in the world. Is it even worth it in the hopes that one time you could get something interesting? There are easier ways of getting personnal information.

For example, I could break-in and install a camera pointed right at your monitor/keyboard. Does this justify turning your desk 90degrees every hour?

Re:Enough already

[GoofyBoy]

But for what? Even if its easier, the good majority of traffic is of a non-sensitive nature.

For a corporation or a individual, more "interesting" information would come from their trash.

Re:Enough already

[bahtama]

But as is shown in the article a while back about the people driving around the Silicon Valley, hanging out in a parking lot is alot easier and anyone with the right equipment and a little skill can do it.

By making something just a little more difficult do to, you can eliminate alot of the newbies that would try it and succeed. A script kiddie would sit in a parking lot for 10 minutes and try to sniff keyboard traffic (funny thought), but probably wouldn't break into an office.

=-=-=-=-=

Re:Just shows how important key management is

[ncc74656]

For instance, the system could use a Diffie-Hellman key exchange by giving the PC side a transmitter and the keyboard side a receiver.

If you consider where Logitech makes most of its stuff, there's a fair chance they wouldn't have been allowed to put in such features. Encryption makes life difficult for Big Brother.

(Nearly everything Logitech that I've seen in the past few years has said "Made in China" on it. Think about it.)

Re:Cordless Logitech trackballs

[cyberdonny]

Actually, many are connected to neighboring towers via microwave links.

Paranoia makes you feel important.

[flockofseagulls]

My grandmother had her cable TV service disconnected because she believed "they" could watch her through her TV. The more extreme worries about security and privacy that come up periodically on slashdot are in the same vein.

Unless you are a real spy, diplomat, or someone with real secrets to protect why do you think the CIA or whatever gives a shit about sniffing your cordless keyboard? If they really wanted your secret passwords they would just get a thug to threaten to beat you up--much cheaper and less time consuming.

Stop reading Tom Clancy novels. No one cares about your keystrokes.

Re:Paranoia makes you feel important.

[geekoid]

You have a good point, but I'd like to offer a counter point:
WHat if a government agent starts putting devices that aoutmatically 'sniff' for wireless information looking for keywords? Think of it as a wireless carnivour
I don't think this is happening right now, but it is certianly feasable, and probably will happen in the future. Hopefully people will find out and force them to stop. Occasionally people need to be reminded of the 'vunerabilities'. Sure you and I have heard this sort of thing 1000 times, but what about people just getting interested in technology?
Thought 'they' could watch her through cable t.v. hehe thats funny, everyone knows its done through satalite TV... ;)

News flash!

[Hard_Code]

People can hear you when you talk on the phone!

Re:Cordless Logitech trackballs

[British]

Cordless telephone poles, don't you mean cell towers?

Re:Poppycock

[Dwonis]

Didn't the PET have a VHF RF modulator built in (i.e. you connect it straight to the TV)? That would make reception a little easier.
------

Re:How about your (now legally binding) signature?

[Dwonis]

It's a lot easier to tell someone in person that "I didn't sign that" than it is over the internet to someone who has never met you.
------

security issues about Spike

[sometwo]

I am curious about the security issues in the Spike standard mentioned here a few days ago: http://slashdot.org/article.pl?sid=01/05/22/001250 Anybody know how that will work? What's to stop your from accessing your friends system across the street? I know this is short range but the controller will still have to "log in" to the base station. How will this be accomplished? Imagine a Quakecon and everybody is using these things. Hopefully it won't be chaos.

Re:Poppycock

[jovlinger]

This isn't van eck-ing, as the keyboard is BROADCASTING a signal that is MEANT to be picked up. This makes it orders of magnitude easier to pick up, as it is designed to stand out from the noise.

On the other hand, completely passive van eck setups need to do alot of work separating the signal they are interested in from the background noise.

On a completely different note: those concerned about password security can move to a face-recognition login setup, which would require the attacker to capture the screen in order to compromise security,

Updated cliche version 1.02

[glitch!]

"The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false.

- The only safe computer is locked in a room and unplugged from the Internet.
+ The only safe computer is locked in a light-tight, Sonex lined, Faraday cage and unplugged from the Internet.

Re:Updated cliche version 1.02

[wetballs]

my computer`s safe - the BIOS just died.

Re:Cordless Logitech trackballs

[bungalow]

I bought a Logitech Cordless TrackMan FX the other day : this thing is a *cordless* trackball ! I understand the need for a cordless mouse, to avoid dragging a cord around, but a cordless trackball ?? that's about as useful as a cordless telephone pole ...

...and yet you bought it. Yep. You shilled out $60 - $80 of your hard - earned cash for something that you admit was worthless. You're the kind of consumer we love.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Mice vs. keyboards

[ucblockhead]

For keyboards, I can imagine this being a real security issue, but I'm not sure how you could get useful information out of a mouse without having some access to the person's screen.

displays as well

[smeeze]

I attended a talk by sten kalenda last year. He's an expert on security. Basically he said that the signals going from your video-card to your monitor can be intercepted from several hundred feet as well. Got something to do with the frequencies or stuff.

Solution:

[JEI]

For the extremely paranoid, one could put one's computer in a Faraday Cage. Since there is no electric field within a conductor, radio cannot get in or out - radio is light is electromagnetic waves. No listening in on your wireless input, no listening in with TEMPEST, whatever that is. The only problem would be your ethernet cable. You could also use fiber optics for all conections, no radio leak from them.

Re:Sniffing keyboards

[selectspec]

You can sniff Monitors from up to 1000 yards away (often through most kinds of walls) with highly sensitive (an perfectly aimed) tranceivers. The tranceivers pick up the monitor radiation from the tube gun and can basically aquire and reproduce its input signal.

What's the big deal???

[TwistedGreen]

I have a Logitech Cordless Trackman Marble, and it's great. It's especially good because I can use it as a remote control for my TV tuner card, which is pretty much why I bought it. But I don't see what the big deal is. What could you possibly gain from sniffing someone's mouse? Not much, i'd think. Now, a wireless keyboard is a completely different matter, but mice? It is cordless, it does use RF, and it does have quite a range if positioned properly. No one should expect it to be secure! It's only a mouse! There are much more important things that could be sniffed (eg. my monitor or keyboard). I'd think that the mouse would be a completely useless thing to sniff.

----

Crypto to the rescue?

[beej]

Seems like overkill, but some secure crypto algorithms are really easy to implement.

You could have a super-low voltage transmission (only powerful enough to reach 10cm or so) for key exchange when the user holds down a button on the bottom of the mouse. Once the key is exchanged between the mouse and base, it can be used to stream-encrypt the data.

Strong key generation would be relatively easy--build up an entropy pool from mouse movements over time.

I should get a patent for this! They'd allow me to patent this stupid thing in a heartbeat!

Re:RF Keyboards

[blumpy]

Don't be so sure of that. I believe some night vision technology is based on picking up IR radiation, and I'm quite sure that you can see things more than 100 yards away with that type of equipment.

Re:That is a dangerous attitude

[dgb2n]

It's not a dangerous attitude, its a realistic one. Do you really think the black helicopters are circling your house trying to sniff your root password from your wireless keyboard? Get a life. No one cares that much.

As far as the credit card system goes, no one is saying you should transmit your credit card unencrypted over the Internet. But you can get it stolen just as easily from a clerk or the waiter at your favorite restaurant. The security of using a credit card and the protection it offers against unauthorized use is part of the service you pay through interest payments, annual fees, and vendor fees. Don't complain because this guy understands that.

RF Keyboards

[Bandman]

Relax. This only applies only to the RF keyboard models. The IR models arn't succeptable.

I DARE someone to sniff my IR communications from hundreds of yards...

Re:RF Keyboards

[dsginter]

I've got a port that emits a good deal of IR. After some broccoli or a can of beans, you can sniff it from hundreds of yards away!

Re:RF Keyboards

[mmaddox]

Or are they? Could you use a similar detection mechanism to those laser-sensitive "radar" detectors? How little scatter could be detected from an IR transmitter? I assume the amount of scatter would increase if you tended to type in a sauna, or if you smoke like a chimney.

Re:RF Keyboards

[quantum+bit]

I DARE someone to sniff my IR communications from hundreds of yards...

Ok, no problem. The original discussion about this (almost a month ago!) touched on IR devices as well. All you need is a line of sight to the beam. Once you have that you can send another IR beam through it (won't affect the communications because the frequency is different) and then sniff by detecting shifts in the interference patterns. Not quite as trivial as RF but certainly possible. Just a couple tiny holes in the wall and you're all set...

Re:Cordless Logitech trackballs

[donutello]

I bought a Logitech Cordless TrackMan FX the other day ... that's about as useful as a cordless telephone pole ...

And you bought it because you're really into cordless telephone poles?

Re:The CIA

[RollingThunder]

It's correct, except it's not for protection from sniffing keystrokes - it's for using lasers to pick up vibrations from sounds in the offices. I believe I saw this on "Dangerous Places", so YMMV. :)

Small question...

[biglig2]

...how hard would it be to put something in a wired keyboard that would trasmit everything you type?

I'll bet, not very. Of course, you need physical access, but like everyone is saying, if you believe you are likely to be subject to this sort of intrusion, you aren't going to buy wireless anything.

Re:Just shows how important key management is

[Col.+Panic]

Nah. You would need an SUV for Monica to have more ... uh ... head room.

SCANMAN 1.0

[AiX2]

I installed the sniffer for five minutesand this is what it dumped out

*START LOG* *SCANMAN 1.0*
http://www.yahoo.ocm\nNOFUCKYOUDIPSHIT\n\n\n\n\n \n http://www.yahoo.com/\npersian kitty chatroom\na/s/l?\nYes, I am on AOL, how did you know?\nhey, i'm on company time paying to talk to you sexy ladies\n\nWhy yes I do have a large penis.\nWell, if you say please\n\nwith a cherry\nOH SHIT BOSS, GOTTA GO\nhttp://www.microsoft.com/ie/\nAS#@$@ASDFyoupie ceofshitworknow!\n\n\n\n\nhttp://www.netscape.com

*END LOG*

--Ryan

Re:Somebody PLEASE spy on me!!!

[}{avoc]

That's the best way to put it... or as I saw on a passworded section login to some website, "Sure, this isn't reallyu secure, and it's probably really easy to hack, but ask yourself if you _really_ want to spend that time just to get in _here_."

The paranoid ignorant

[ahde]

Scary indeed! Having just purchased one of these, and finding them immensely conveinient such news is disheartening. Are there easy ways in which Logitech might be able harden any new models against this? How difficult are these things to sniff, and what kind of hardware would one need to do so? Obvious security tip: if you have these keyboards attached to machines that may access secure data, consider moving them back to the wired standbys until a more secure wireless options present itself.

I bet you bought a Fisher Price baby monitor and trembled in fear the day the exploit was uncovered that let kidnappers and federal agents tune into your RADIO TRANSMISSIONS! and tell when junior wakes up.

Re: If Jack Ryan has one, it must be real

[ahde]

and I'd like to get me one of them Dick Tracy watches, too

Wait a minute... those really do exist, and they run linux

Re:Conduits

[ahde]

I think you've got it!

Re:Not suprising. Privacy ain't the half of it.

[ahde]

No, Verisign is doing so well because they have a monopoly on the little padlock icon in your browser window, among other things.

Re:Just shows how important key management is

[tonywong]

somehow I see a mastercard commercial in this... giving the PC side a transmitter - $0.25 and the keyboard side a receiver. - $0.20 the keyboard could have had a light sensor - $1 docking/charging stand - $5 CEO of Logitech's computer getting wireless hacked - priceless

Re:Just shows how important key management is

[tonywong]

somehow I see a mastercard commercial in this...

giving the PC side a transmitter - $0.25
and the keyboard side a receiver. - $0.20
the keyboard could have had a light sensor - $1 docking/charging stand - $5

CEO of Logitech's computer getting wireless hacked - priceless

-this time with Plain ol' text....

Tempest

[Lazarus54]

The CIA can already sniff your keyboard and mouse movements, wireless or not. It's called Tempest. It was mentioned briefly in Rainbow 6; Jack Ryan has a computer which he refers to as "Tempested" which I took to mean resistant to Tempest sniffing. The CIA did a short demonstration with a computer bigwig (I forget who) where they showed this technology off a year or so -- they were able to sniff a login/pw from a family computer from about a block away.

Laz

Re:Tempest

[geekoid]

Now heres a story about Tempest radiation
Some smart guy at MIT said to himself "I wonder if I can read other peoples computer screen via its radiation"
Then creats something that does it very quickly and very well.
He published his results, then some people from the CIA show up and ask him to please stop telling everybody how to do that, for national security reasons.And they had been spending years of effort and millions of dollars figuring out what this guy did in about a year.
They then took all his work.

Re:Tempest

[jayteedee]

Actual Tempest is the name of a room designed to thwart electronic spying. Usually used in the sense of "tempest room". It basically is a room which is a gaussian sphere, i.e. all metal, including metal contacts around the perimeter of the door. You can't scan wired keyboards and mice. You can however scan RF transmitting devices such as monitors. It is quite easy to sync a signal from a monitor from quite some distance away and literally be able to see what the user is displaying on their screen. So the defense industry uses tempest rooms to shield the electrical transmissions from the computers.

Re:Tempest

[unicaller]

I made a box that could puck up keystrokes from a Intel 805X based keyboard from about 15'. I know some one how used to copy Atari coders from a van outside their office. As long as you know what kind of keyboard they have it's really not that hard.

Re:Tempest

[unicaller]

You can't scan wired keyboards and mice.

Yes, you can. Mice and keyboards generaly use out dated(cheep) microcontrolers what you do is use an RF reciver to scan in the frq of the controler. From this you can put the key strokes back togather. Most keyboards use just a few controlers and most of them use the same look up tables. With older keyboards you could listen to them from 100's of feet. Now its more like 25-50 feet. I have also worked on forcing RF in to the controler, to make it produce keystrokes didn't work very well but can be done with fairly simple microcontrollers.

Re:Tempest

[(H)elix1]

Tempest sniffs the EM from the monitor, letting them "see" what you see... nothing to do with the mouse and keyboard - except for what you see on the screen.

Re:Tempest

[loucura!]

TEMPEST is not a means to sniff your keyboard and mouse movements. TEMPEST is a standard explaining that it is possible to intercept and recreate electromagnetic emissions from a computer screen, computer chips and other aspects of the system. A TEMPESTed system is one that is hardened against spurious emissions.

Information on this can be found here: http://www.eskimo.com/~joelm/tempestintro.html#Wha t is

Re:Tempest

[loucura!]

Erm, forgot to add that what TEMPEST defends against is Van Eck Phreaking. This site gives a background of Van Eck's research and also some of the events that occured that spurred the research. It also gives information on building your own Van Eck Reciever: "One other thought comes to mind of an experimental nature. Since the screen of a computer is not always changing and for the most part stable in its display, why not take the received signal and digitize it! You could filter out signal noise clean up any true video signal present. This is no great techno-wonder, the basic gear could be put together with Radio Shack or the like types of equipment. And the cost is still most reasonable. If not available there, costs for home-brew gear would not be that high. The simple electronics blocks would consist of comparators, video detectors, data seperator gates, a to d - d to a converters, data amp and a signal level converter. Or the better version, might be a modified slow scan television system with error correction and clean-up circuits. Such units work over normal phone lines or standard radio channels and since the units can take signals from these two different types of inputs, there should be no problem in adapting the unit to accept a cleaned up analog signal from a digitizer." Not very informative, but it is a start...

Here's a prank

[Tungz10]

Once I took apart a guy's computer, smashed all the parts with a baseball bat, and then put it all back together. Now THAT was a funny prank.

(OK so maybe I didn't really do it)

Old News

[zpengo]

This is, once again, old news. Sniffing electrical signals to determine what a user is doing isn't new at all. I found this out myself about six or seven years ago, when I had a mouse wire running under some speakers. As I moved the mouse, the speakers twitched and hummed according to how I moved.

Since then, I've seen dozens, if not hundreds, of articles about this or that surveillance technology that does basically the same thing, only it decodes the signals and puts them into something more intelligent than pops and hisses.

Anyone who uses a wireless keyboard and thinks that nobody could ever find out that he's writing mash notes to his favorite porn star is naive, and plain stupid.

In Other Breaking News...

[Zalgon+26+McGee]

Radio Waves Propagate!

This is not remotely (no pun intended) interesting - OF COURSE signals from wireless keyboards and mice can be detected at a distance. If they couldn't be detected, they wouldn't work.

Slashdot: Home of the blindingly obvious.

Re:All wireless communicaitons are insecure

[belroth]

Easy with analog, I think you need specialised hardware to snoop GSM signals. Ditto cordless phones, analog is easy but DECT is significantly better. I don't know if either technology is common in the US yet :-)

How about TFT panels using digital connections - are they easy to sniff?

I have a logitech wireless KB and mouse and I was well aware of what I was transmitting before this story, that's why I use my laptop for anything important - I know it's still snoopable but it has no keyboard, monitor or mouse leads to acts as RF antennae so it would make life harder for a snooper.
----

Bad grammar hurts Baby Jesus's Eyes

[gvonk]

DATA is a PLURAL WORD. My data are stored on my hard drives.

Re:Bad grammar hurts Baby Jesus's Eyes

[blown.penguin]

Grow Up!

Re:Poppycock

[John+Miles]

I've seen a demonstration of the recovery of the video signal from a Commodore PET from a few feet away using nothing more than an old portable B&W TV set (the ones that are about the size of a shoebox) and a simple amplifier inserted between the TV and the attenna

Good point. We must all be careful not to let anyone with any homebrew Van Eck gear within a few feet of our Commodore Pets!

But for any real Van Eck threat, my point stands. You lose 6 dB of signal every time the distance doubles, which will easily cost you an additional 6 dB of money and effort each time. :-) By the time you're sitting in a van on the street outside, you're looking at NSA-style budgets.

At the aforementioned demonstration the presenter, Jim Carter, made it quite clear that it was possible to recover emissions from much more than the video circuitry

Again, if the people after your data are capable of pulling off this sort of thing, you might as well tie a white rag to the end of a stick and surrender peacefully.

Re:Just shows how important key management is

[Bitsy+Boffin]

They must already have a transmitter and reciever though ?

I'm thinking the lights on the keyboard here, NumLock, CapsLock, ScrollLock. On "real" keyboards these can be turned on/off by the computer not just the keyboard.

Can these wireless keyboards not do that ?

Mouse?

[WowTIP]

Well, I kind of agree but many ppl, sometimes even "professionals" just don't think about it. How many wireless LANs are/were not insecure? And they were most often put together by ppl who was supposed to know what they were doing. So general warnings aren't wrong, are they?

But why would anyone want to sniff the mouse? Keyboards, I can understand, but what useful information could you possibly get from a mouse? :)

--

"I'm surfin the dead zone

Re:Mouse?

[tantrum]

But why would anyone want to sniff the mouse? Keyboards, I can understand, but what useful information could you possibly get from a mouse? :)

If you would like to do exactly the same as the user before you. Say that the person you are listening to logs on to a w2k server right after a boot. Then all you needed to do was doing a cold start, and resubmit all the data you received 10 minutes ago, and you cold do whatever he did.
not that you wouldn't be able to do this by reading through the key-log, but...

Who would use such a keyboard on servers, though. The real problem would be with lazy sysadmins, who logs on to their workstations with admin rights.

Re:Just shows how important key management is

[sigwinch]

Yes, Logitech could have done these things, resulting in a product that cost twice as much and half as convenient as what they currently sell. And someone would have found a way to snoop on them eventually anyway.

Utter bullshit. Put the cheapest possible one-wire jack on the keyboard, and on the dongle ($0.15 X 2). Supply a one-wire cable ($0.15) to go between them. When a special key combination is pressed ($0.00) the keyboard selects a new encryption key and transmits ($0.10) it down the wire. Use a high-edge-rate signal so you can use a capacitive return and only need one wire. Receive the key ($0.10) on the dongle and store it. The encryption algorithm can be something like Blowfish (IIRC it fits nicely in even limited microcontrollers and wouldn't add much cost, if any). The cable would only need to be connected during initial key setup. Total cost: $0.65, and my price estimates are extremely pessimistic. They're probably doing custom silicon anyway, where these functions could have been trivially implemented.

If you're at risk of having your keyboard sniffed, then you've got bigger concerns to begin with.

Again, utter bullshit. Once a large segment of an urban population installs a security hazard, it becomes cost effective to build snooping stations and collect passwords and credit card numbers. 25,000 yuppies checking their stocks and buying things over the Internet is an *awesome* target.

Re:Poppycock

[sigwinch]

But for any real Van Eck threat, my point stands. You lose 6 dB of signal every time the distance doubles, which will easily cost you an additional 6 dB of money and effort each time. :-) By the time you're sitting in a van on the street outside, you're looking at NSA-style budgets.

It's only expensive if you use MIL-SPEC equipment designed by gov't contractors. Switch to ham radio equipment, a commercial digital o'scope board, and homebrew, and it's a few thousand dollars tops. I.e., within the budget of anybody who wants to take the time to do it. Think Pinkertons. Think Church of Scientology. Think drug dealers. Think credit card fraud rings.

Re:You make it sound so hard; it's *easy*.

[sigwinch]

I haven't actually seen one of these keyboards, but I was thinking of a design that has a small dongle that plugs into the back of the computer with little or no cabling. To get at the contacts, you'd have to turn the machine around and touch a keyboard to it. That's possible, but a real PITA.

As for the iButton/1-wire/MicroLAN stuff from Dallas, I've played with it. They have some really cool devices. Their superfast 8051-compatible microcontrollers are neat too.

Re:Just shows how important key management is

[sigwinch]

Also as I said before, mentioning security will remind people that they have no idea if it is secure. After all anything claiming to be secure in the past seems to have had later announcements about how it's not exactly as secure as first claimed...

True. If I were doing it, I'd publish the security info so interested parties could review it for themselves.

Ok, if they spin their own silicon they might be able to do it, I don't own one of those things, so I can't check to see if it is all off the shelf parts, or has any custom ICs, or even FPGAs.

I don't know either. I would suspect they used one of the many wireless chips that are available, but there is enough profit margin and the market is small enough that they could have rolled their own radios.

I'm assuming these small area designs have been openly published and withstood attack? Or are small area designs of real cyphers...

Well, there are the multiple LFSR ciphers which can be implemented in a few hundred transistors. Bluetooth uses this type, precisely because it takes a trivial, albeit custom, amount of silicon to implement. These aren't the greatest ciphers, but they can be decent. Schneier's Twofish cipher was specifically designed to fit into smart cards and uses very few resources.

You need long term storage to hold the key (FLASH, NVRAM, whatever),...

True. But that wouldn't add much cost, especially if they microcontrollers already include a little EEPROM.

...and if it is battery backed you will need that cable again in a few years, or there is another 800 call.

Battery backed == bad. If it's not EEPROM, I'd say don't bother. As for replacing the cable, it would be a wire with a mini banana plug on each end. The customer could replace it themselves with a piece of 18 AWG solid wire with the insulation stripped off each end. Or you could sell them a replacement (which replacement would have a breathtaking profit margin).

Hmm...I sense a business plan. All these little gizmos, like remote controls, garage door openers, Bluetooth cards and telephones, game controllers, SPIKE gizmos, and so forth have one thing in common: for proper security, they need a hardware key-exchange system. Which means a cable. Which means an enormous business selling cables. Which means that cable companies could give away strong encryption as a loss-leader, and make it up with a captive market for synchonization cables.

Re:Just shows how important key management is

[sigwinch]

Anything that increases the cost has to increase sales.

Logitech could have put in good encryption, and talked up the weakness of their competitors. One press release per weak about how your competitors are betraying the public can drum up a lot of business.

You won't be able to shoehorn much encryption into the tiny CPU that decides keystrokes and drives a little RF and emulates the original keyboard controller.

Wrong. Lots of work has been done to stuff good encryption in tiny CPUs. Think smart cards. In particular, ciphers that use multiple LFSRs require miniscule amounts of silicon.

Plus it is hard to imagine anything simple that works out of the box...

Yeah, running a wire between them for a moment when it's first installed is *so* hard...

I mean look at the problems 802.11's WEP has, and it is on a $100 and up device!

WEP was designed by a microcephalic crack-smoking monkey. Price had nothing to do with it. It is poor entirely because it's designers had essentially no understanding of cryptosystem design, and they didn't bother to have it reviewed by experts.

Tempest and military

[nordicfrost]

I don't get it. Any moron should know that anything that emits radio waves is unsafe to use in a secure enviroment. I have a lot of experience with military computers, and wireless keyboards are forbidden (Under military instrictions in Norway) even on unsafe internet-connected computers. It's just too easy to sniff.

Regarding Tempest; The instructions (In short) for tempest shielding here is that servers have to be in a Tempest approved room. There can be no windows, and no RF emitting at all. CAT-5 is banned, it's fibre all the way. Any hubs, switches or routers have to be in code locked shielded safe-like containers. And there is no way, NONE at all, to connect it to the internet.

Not suprising.

[re-Verse]

I never did want to touch those things. We make so sure that noone sees when we type in our passwords, sometimes even disguising the way we type, faking hitting certain keys etc, i've seen some Very paranoid people. I'm sure they'll not be happy to know they've been shouting their passwords and credit card numbers across the room for anyone to tune in on.

Sounds like its a whole lot easier than installing a key grabber on a users computer, some quiet geek sitting in the cublicle in the corner could be listneing to it all. fun.

Re:Duh!

[burris]

Finally, there is a mathematical procedure that is claimed to work out a secure key by a _long_ process of exchanged messages and intensive calculation.

I suggest you get a book on cryptography, such as _Applied_Cryptography_ by Bruce Schnier. There are many key negotiation protocols, but the most famous is "Diffie-Hellman Key Exchange" which is also the first public key algorithm invented. It is actually quite simple and only takes one round trip of messages (Ian Goldberg came up with a protocol for doing DH key exchange over e-mail.) You start with a Generator, G, and a public key, n. Neither of these are secret. Alice and bob each generate a large nonce, x and y respectively, and do the following:

alice sends to bob X = G ^ x mod n
bob sends to alice Y = G ^ y mod n
shared secret is G ^ xy mod n which alice gets by computing Y ^ x mod n and bob gets by computing X ^ y mod n

alice and bob can each generate the secret key because they know either x or y. eve, an evesdropper, cannot generate the secret key because without either x or y, computing the secret key from X and Y alone requires calculating a discrete logarithm, which is a Hard Problem. This is not intensive calculation by today's standards since my Java ring is powerful enough to do modular exponentiation in a reasonable amount of time, and it is several years old. You are absolutely correct that adding two way communication to a wireless keyboard/mouse would be much more expensive, however.

burris

Poppycock

[burris]

No, actually, Van Eck sniffing is NOT "easy." It takes thousands of dollars' worth of exotic equipment, and is nowhere near as foolproof as the media suggests.

I must say that this is not at all true. I've seen a demonstration of the recovery of the video signal from a Commodore PET from a few feet away using nothing more than an old portable B&W TV set (the ones that are about the size of a shoebox) and a simple amplifier inserted between the TV and the attenna. This was at HoHoCon '92. Sure, a PET is quite noisy, the distance was short, and the refresh rates weren't matched, but you could read the computer screen on the TV so it was a powerful demonstration nonetheless. Better equipment and analysis software does improve the effective range of recovery and allows recovery of signals that are more complex than video, but it goes to show that basic techniques are actually quite simple.

(And how many servers display passwords on the screen when you log onto them?)

At the aforementioned demonstration the presenter, Jim Carter, made it quite clear that it was possible to recover emissions from much more than the video circuitry. Disk controllers, network interfaces, keyboards; pretty much any circuit at all will generate emissions that can be recovered. Bootleg also stressed that information can be recovered from more than just the air. Information goes out through your electrical circuits too, this is why extremely secure facilities generate their own power and do not connect to the grid. Amazingly enough, the pipes in building sprinkler systems act as antennas and information can be recovered from the plumbing exiting the building. Information can even be recovered from the ground!

Burris

Re:Mouse Data Is Useful.

[Sibelius]

I don't know why this is considered funny in a sensitive context like security, because the implication is very real. There are security applications out there that build keys from "random" input such as time between mouse clicks and movements. Ergo: get the key -> bye-bye cipher.

How about your (now legally binding) signature?

[Dlugar]

Ooh, better keep people from looking at my signature! If they see it, they might want to forge it elsewhere! There's nothing to keep them from doing that! Oh no!

Missing the point

[btellier]

Many of you have said that this isn't news simply because there have been issues in the past, such as "Tempest" style monitor radiation and reading the emissions from wired keyboards and mice. The major difference between these issues and this new vulnerability is: AN ATTACKER CAN HIJAACK THE CONNECTION. A user can spoof the RF that the recieving unit thinks is coming from the keyboard. The Tempest emissions didn't allow any attacker input. Think about it this way. An attacker can force your computer to dialup and get on the internet, assuming it's connected to a phone line, or cause you to email the contents of your HDD to anywhere.

Hardware required for sniffing

[librarygeek]

I must first admit that i am unaware of the design of these keyboards but i assume there is only a few channels they operate on. All you would really need to "sniff" these devices would be another reciever device of the same type set to the same channel. Once you have the channel figured out the second device, attached to a second PC, should display what was being typped on the original? This is the way the old RF keyboards sold with the Gateway 2000 Destination series of computers worked. We purchased a few of these where i work and i used to love to annoy people by setting a second mouse to the same channel they used, then in the middle of a presentation start moving their mouse around on them.

"Out of Band" key negotiation could fix this.

[8-Bit+Junky]

Instead of pressing the button on the mouse / kb & receiver to select one of several (preset!) session keys, Logitech should have used "something else" to establish communication.

Like IR, or even a short patch cable. Simply attaching the cable between the remote device and the receiver could start the protocol negotiation, and a much more secure one to boot... When the negotiation was finished the receiver could blink a led or beep...

My biggest problem with these Keyboards are their lack of LEDs for numlock, scroll lock and caps lock..

OH NO NOT THE MOUSE

[_Bean_]

I mean come on do I care if someone can read all of my mouse movements? The keyboard is certinally a bigger issue but as long as your at your desk I don't really see the point in a wireless keyboard anyways.

Re:Cordless Logitech trackballs

[stilwebm]

Actually, they are used for presentations frequently (so you don't have to stay at the podium).

DUH

[stilwebm]

If you are security conscious and bought a wireless keyboard, you deserve to have your head examined. If it didn't say "Strong Encryption" or mention some other form of security on the box, you didn't honestly think it was secure did you? Even IR keyboards can be "sniffed", although not nearly as easily.

Paranoia

[Shyryly]

There are easier ways for someone to get your 'secret' information than going through the trouble of buying these Logitech components and building this sort of limited intrusion device.

The average person using this sort of setup isn't a security conscious individual in the first place, so why go through the hassle?

Also, based on the nature of the devices, of course you can find a way to intercept the data they're transmitting. This is true for any device that transmits information through the airwares. The lack of encryption just makes everything a cake walk once you've got the detection device made.

I don't see anything on the product features for the wireless components on Logitech's website to suggest that the items in question are flashable, so you're stuck with the unencrypted traffic if you currently own one.

Secuirty - Wired Mice & Keyboards Can Be Sniffed

[mini+me]

I thought even wired mice and keyboards could be listened to with the right equipment! I remember watching some tv show a few years back about this. They showed that they could grab what someone is typing from across the street by picking up the signals generated when a key is pressed.

And hey if you are real good (1337?) you could even pick up all the data travelling through the computer! Everytime a digital high is generated there will be RF interference and with the right equipment you should be able to grab this. Sorting out what is what however might prove to be a different matter.

The only truly secure computer is one that is off, locked in a room, and preferably not assembled.

Cordless mouse

[matt2413]

What harm is sniffing my mouse going to cause? I certainly don't do anything w/ the mouse that would give up any keys/passwords...

Don't forget the Faraday Cage

[Ray+Yang]

Well, if you *really* wanted your computer to be secure, you should put a power source and your computer (along with your office), inside a Faraday cage, with no wires going in or out. Last I checked, this will ensure no meaningful leakage. Now, when those gravimetric sniffers come out, we're screwed, since no known method of blocking the propagation of gravity waves exists ;-)

Ray

Re:Cordless Logitech trackballs

[geekoid]

Actually, I wish they had those when I bought my cordless mouse/keyboard package.
That way I could lean back in my chair with my keyboard, and just mount the cordless trackball on the chairs. to move the mouse I need to much room to mont it on my chair.

A SOLUTION!

[Uncle_Goddamn]

If somebody could just find a way to physically encapsulate the signal used by these devices in some form. Maybe transmitting them on some sort of electrically conductive, yet flexable medium... oh wait... ....

encryption costs money

[ashultz]

This is as surprising as the sun coming up, really. Unless you had some sort of hardware encryption with unique keys embedded in the keyboard (and hardware or maybe software on the other end to decrypt it) it's going to be sniffable.

Encryption hardware costs money. Using unique keys per item costs money to configure them at the factory. If keyboards aren't cheap no one buys them. The math is pretty inescapable.

Security

[buss_error]

"The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false.

Actually, I think the qoute is "The only secure computer is one unplugged from the internet, power, monitor, keyboard & mouse, shoved into a crate, pour cement into the crate, nail it shut, wrap it in chains, place in a larger crate, pour more cement into that, then bury it 50' underground."

Personally, I think that's optimistic if you are running windows.

Secure TV Remote Control

[Laplace]

What we really need is a secure television remote control. My old room mate once bought a watch that doubled as a TV remote. He programmed it to work with the house TV then proceeded to mess with everyone in the house. Imagine what marketers, or the FBI, or some haX0R could do to the televisions of the world. When will we wake up and see the real threats that face us?

Complete list of Logitech frequencies

[rjbrown99]

Here is the list of frequencies for each model of keyboard. This is direct from Logitech's web site:

http://www.logitech.com/cf/support/1029.cfm

It's nice when they make it easy for you.

Re:Complete list of Logitech frequencies

[rtscts]

It's nice when they make it easy for you

If they didn't I'm sure they'd get many angry emails from /.'ers, etc. about security by obscurity, closed/proprietary protocols, etc.

Re:Complete list of Logitech frequencies

[Technician]

Most of the 27 MHZ frequencies are the same as RC toy cars and boats. Don't use your computer in the same apartment that has kids. You may crash his toy monster truck. Really, many RC toys use transmitters from 100mW to 750mW I think the cordless stuff are on the low end of the power range to save batteries because they are rarely used beyond 100 feet, but the controller for that RC 4 wheeler may jam your keyboard.

Re:Complete list of Logitech frequencies

[bahtama]

This is why script kiddies can bring down networks and whatnot. They find something on the Net that is really easy to do and they do it.

By making keyboard sniffing (a funny thought in itself) a little harder, you could eliminate most of the people that would try it in the first place.

I don't agree with Security by Obscurity anyway, but this is giving too much information to people that think it would be cool to try.

=-=-=-=-=

So?

[sparkz]

So you can sniff my password - if you're within line of sight, really. Good for you. You can see the commands I type, but not their output. The main users of these devices are slobs who want to stay on the sofa. You're not working on confidential data, you're surfing the net.

#include <stddiscl.h>

That is a dangerous attitude

[Srin+Tuar]

The credit card system is in shambles. If it was designed properly we wouldnt have to subsidize billion of dollars of theft via higher prices at the store.

This country is becoming increasingly dependant upon computers, and as it does so you will become even more vulnerable to electronic fraud and surveillance.

It may have been easy for you to show that you obviously didnt make those charges on you credit card bill, but do you want to have to explain that you didnt request that $20,000 online "cash" advance next time, that was promptly "lost" at some ecasino?

Basic common sense security is something you should consider. One day, your attitude may come back and bite you.

Re:Wireless == sniffable

[plover]

you'll probably have to explicitly cast all references to k to (char *)k. Sorry about that, Micro$oft VC++ 6.0 lets you be really sloppy with conversions, so I take advantage of that to make it smaller.

Unless, of course, you can turn that off on your compiler, but I've found no way to do it with gcc.

John

Wireless == sniffable

[plover]

Its wireless == its sniffable. There is nothing you can do about it.

Sure, it's kind of cool that they used the off-the-shelf Logitech receiver against itself, but a custom reciever would perform the interception passively.

Hardly anything to panic about. Your cordless phone probably leaks more personal info about you anyway.

John

P.S. Did anyone else think Bluetooth?

CRT sniffing == not just photography

[TeknoHog]

Can't remember any links now, but in a lecture by Duncan Campbell he mentioned a new method by which the lower-frequency electromagnetic radiation (i.e. not light) from CRTs and even LCDs can be monitored from behind walls, and most of the information can be retrieved.

--
I hit the karma cap, now do I gain enlightenment?

Re:Wouldn't bother me

[yukihime]

I wondered if anyone else was as lazy/pigheaded as me. now I know. ;-)

WARNING!

[FortKnox]

Warning! If you work with secure data on a computer, and there is a wire spliced onto your keyboard wire in an unusual way and the wire goes into a hidden corridor, out the window, or far from site, someone might be sniffing your data!!

(also see sig s/Privacy/Security/g)...

BWAH HAHAHA! wireless hax0r1ng

[electricmonk]

Now I can not only get internet access from your wireless 802.11 network, I can sniff your passwords too!

\/\/

Well, so what if they can see mouse events?

[John+Jorsett]

I'll grant a certain vulnerability if a snooper can see my keystrokes, but what possible use could the mouse movement and clicks be? Mouse movements are relative, and I pick up my mouse all the time, so you'd never be able to map it to a location on-screen. Without the screen info, it would be meaningless, and if you have captured what the screen shows, you don't need the mouse data.

hahah

[loraksus]

Damn rich kids with their exotic keyboards and mice!
Serves them right.

MY keyboard was made in 1987, weighs several pounds, but kicks ass, just need an adaptor from AT to PS2.
Sniff this

The slashdot 2 minute between postings limit:
Pissing off hyper caffeineated /.'ers since Spring 2001.

Re:Cordless Logitech trackballs

[andyh1978]

Actually, they are used for presentations frequently (so you don't have to stay at the podium).

Oh, the embarrassing possibilities...

A couple of people in the audience with a cordless keyboard and/or mouse on the same channel... a couple of clicks... a few choice webpages projected on the screen...

I don't think you'd be staying at the podium for long. :-)

Re:Sniffing keyboards

[Rorschach1]

Remember, these things are just spitting the scan codes out as serial data - the effect being that to the human ear (with an inductive probe) the repeating scan code sequences sound like varying tones or buzzes. And yes, it'd be difficult to separate the signals from multiple keyboards. But I'd think it wouldn't be unreasonably difficult to build a sniffing device that could be covertly placed within a few feet of the keyboard to record keystrokes and be recovered later.

Sniffing keyboards

[Rorschach1]

Actually, it's not terribly difficult to get data from a wired keyboard at a reasonable range. They run at a low data rate and leak a fair amount of RF. You can demonstrate this by holding an inductive probe near one and pressing different keys - they all make different tones.

Re:Sniffing keyboards

[unicaller]

They do in a way. All most all keyboards use 8 bit microcontrolers with 255 possable keys(haven't seen any with that many) each bit pattern will prduce a diffrent RF pattern(tone).

Well

[SnapperHead]

What do you expect ?! Do you really think they would use some form of encryption ?? If your worried about people sniffing your mouse movements in Quake or what you type, don't buy one. Its as simple as that.

until (succeed) try { again(); }

of course they can be sniffed

[muerte24]

they are beaming an easily detectable infrared signal from a fairly strong LED. if your keyboard has to be a palm pilotesque 3 feet from your receiver which has a lens/detector about 1/8" across, that means that if i have a mirror/detector about a foot in diameter i can get the same signal strength from almost 300 feet away. barring dust, humidity, etc, etc.

what's _really_ scary is the TEMPEST style attatcks. where the RF from your monitor can be received and reproduced from hundreds of feet away. look around on the web for TEMPEST stuff. the _only_ way to protect yourself from being sniffed in that manner is to encase the whole room in copper. as in a copper door that seals on a copper frame, etc. the bright side is that the attacker needs fairly sophisticated and expensive equipment to be able to do this.

going back to the logitech wireless thing, i think there is a way to defeat the more casual sniffers. if the base station continuously transmits a sort of "key" back to the mouse/keyboard, it is _very_ improbably that the attecker has a good enough Line Of Sight to be able to intercept both signals, and then do distinguish the two. it doesn't have to be any kind of complicated cypher, just an additive digital key.

why doesn't somebody program a palm pilot to sniff digital keys? just use some eyeglasses and a holder and you could pick up signals from (2 / .125 * 3 =) 50 feet away.

muerte

speaking then of digital keys, someday microsoft will enforce digital rights management on my keyboard. it will have to negotiate a session on my computer, then i will have to sign a lengthy agreement that i won't type in any copyrighted text.

oops

[muerte24]

the report says they are using RF, which makes it easier to detect the signal from up close (no LOS), but the signal is harder to pick up from farther away.

one easy way to make a pretty secure connection would be to make little enigma-esque scrambler wheels on the keyboard and base station. since the number of intercepted characters is probably low, your key length doesn't have to be outrageous to provide some security.

another way is to, every couple hours or so, prompt the user to type a special, newly generated word or two into the keyboard. the computer makes up the words, puts them to the screen, and tells the keyboard to stop transmitting. then the keyboard uses the typed in phrase for a new cryptographic key and begins transmitting again. it won't work with current models, but it would be a fairly robust system for newer models.

muerte

The Adage...

[Anal+Surprise]

It's not "unplugged from the Internet", it's "unplugged". As in unpowered.

100's of feets??

[_ganja_]

I've go one of these sets and I'm lucky if I can use the keyboard / mouse 10 Ft away from the PC. Whoever discovered a way to sniff the things 100's of feet away, can you please get in touch with Logitech so they can get more range on their own product.

Extreme Security

[Alien54]

Probably the best idea is to line your room with copper and ground it so that you make an inside out Faraday Cage. Barring that, you could line the room with aluminum foil.

The only problem is if it becomes a giant lightning rod. Especially if you are in the top floor of a tall apartment building.

Check out the Vinny the Vampire comic strip

Re:Extreme Security

[br0ck]

A Faraday Cage will shield anybody inside the cage from a lightning strike. However, I don't the cage will do anything to prevent the RF signal sniffing.

UH oh...

[cnkeller]

The implications for keyboards are obvious, but the mouse?

Said one hacker to another, "Hey check this gut out that I'm sniffing he just moved his mouse to 324,222 and is double clicking a lot...."

Re:Another thought comes to mind...

[wcbrown]

Though it would be a great prank to randomly type extra characters every now and then.

Oh no!

[poot_rootbeer]

Haxors can find out that I moved my wireless mouse 127 pixels to the left and right-clicked on something!

Keyboard Encryption

[SigmoidCurve]

Alas, it has come to this. Now we need an encryption scheme to encode what we actually type into the keyboard. Shouldn't be too hard, just use a good md5 hash and compile it into the readline library. Then just do the conversions in your head before you type in a letter. For example, 'a' would be 'bb86e686cd925adbf14b3e9e9302c2c8'. Maybe a little more time consuming - but hey, at least it's secure!

czep

Van Eck Phreaking

[Da+Cr33p]

Anyone who's read Cryptonomicon will have came across this. It involves scanning the radio emitions from the Cathode Ray in your monitor and using them to copy a persons screen without having a physical connection. The ranges on such a thing are tiny.

You can read more about it here and here

Da Cr33p

Wouldn't bother me

[Mtgman]

About once in every three times that I boot into Windows 98, my keyboard gets locked out. Don't want to drop my internet connection and lose any time needed to re-boot, so I just do without it for a while. I've gotten good at websurfing using nothing but a mouse, but cutting and pasting single letters to form google search strings can be a pain. A sniff on my keyboard would be pretty pointless even if I was surfing/accessing exactly the kind of nasty data the sniffer was looking for.

Steven

Re:Wouldn't bother me

[Mtgman]

A few years ago my brother, another geek, emailed me a challenge to see which of us was laziest. He said he would put off all his work till the last minute and not clean up his house or run and play with the kids for a full week.

One of these days I'll get around to replying to his email.

Steven

The Old Adage

[bartjan]

The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and surrounded by nerve gas and very highly paid guards. Even then, I wouldn't stake my life on it.
(Gene Spafford)

I think switched off also includes the removal of the batteries from the mouse and keyboard.

Diffie-Hellman

[hhg]

Would't it be possible to encrypt signals with DES, and have the units change their keys every 3-4 seconds? With the power of small chips theese days, such a thing would not be very difficult to implement.

Re:All wireless communicaitons are insecure

[GigsVT]

Cellular phones aren't secure. Anyone with a piece of hardware can listen in on your conversations. I know some people with such devices.

Yes, that device is called an "FM receiver". Nothing special there. (Narrow band FM) :)

PCS and spread spectrum help avoid such simple spying, but even those can be monitored, with more difficulty.

Monitor cables, yes, the corded kind, emitt signals that a TEMPEST scanner can reconstruct into an image of your monitor, like a remote wireless VNC termanal that is set to look only.

TEMPEST is the alleged military codename of an alleged standard that allegedly defines what you allegedly have to do to be secure from such alleged snooping, not the name of the spying equipment itself. (The government refuses to even acknowledge the existance of any of this. I don't want anyone to think I am someone with government security clearance or anything, this is just what I have heard.)

As to your subject, this doesn't mean that all wireless comms are insecure, it just means that all of them are able to be monitored. Encryption fills the role of providing security.
-

Re:Just wanted to post something

[GigsVT]

Anyone knows how long a physical mouse/keyboard extension cord could be?

Just a guess but,

It could be really long, if it weren't also powering the keyboard. I would think the DC resistance of the tiny wires would drop the voltage too much after a while. The data lines would probably also have to be twisted pair with proper grounding wires. Of course if you use external power for the keyboard then you have the problem of possibly mismatched grounds.

So, probably really long if you take some special measures, but probably not so long with cheap cables.
-

Re:Cordless Logitech trackballs

[Rosco+P.+Coltrane]

Because I could not find a replacement for my favorite model (the TrackMan Marble FX) : it looks like it has been discontinued in favor of the new model (the cordless TrackMan FX), which is virtually identical in shape, apart that it's cordless.

The wireless thing doesn't bother me, I just find it silly.

Cordless Logitech trackballs

[Rosco+P.+Coltrane]

I bought a Logitech Cordless TrackMan FX the other day : this thing is a *cordless* trackball ! I understand the need for a cordless mouse, to avoid dragging a cord around, but a cordless trackball ?? that's about as useful as a cordless telephone pole ...

"A door is what a dog is perpetually on the wrong side of" - Ogden Nash

Re:Cordless Logitech trackballs

[Technician]

It does, however when one is idle and not transmitting, another one can send the signal. It's just like 1 TV and 2 remotes. They both work but not at the same time.

Re:Cordless Logitech trackballs

[japhmi]

I actually think they make a great idea, because one of the main things I would use them for is to sit in my nice chair and use my trackball, and I wouldn't have to worry about finding a flat surface to move a mouse around on.

Re:Cordless Logitech trackballs

[jonsuen]

I think, by the way its designed, each base station normally will only accept one keyboard and mouse. Therefore, you'll have to do more than buy another keyboard.

Re:Cordless Logitech trackballs

[Magumbo]

This idea could make a cool joystick-like device. I'm thinking an ergonomic pistol grip with 4 buttons -- one in each of the finger grooves. A small trackball sits on top and is manipulated with your thumb. Hmm...maybe a wheel mounted on the side.

--

Re:Cordless Logitech trackballs

[loconet]

eh........yes so why did you buy it then? :)

Re:Cordless Logitech trackballs

[Chris+Pate]

We used to do this... Since the old RC33 Cordless MouseMan receivers were set up so that they could receive signal from either one or two devices (via a hard switch) we would marry a TrackMan Live to another rep's receiver and start moving stuff around on his desktop while he was taking a call... ^^ -Chris

TEMPEST

[whiteben]

What about eavesdropping a la TEMPEST? (See this TEMPEST page.) This has been around and known for years and doesn't seem to be a big concern of the industry. It's all about acceptible risk. If you're data is not sensitive, use whatever hardware you like. If it's very sensitive, use shielded stuff. Where you fall in the spectrum should determine how much protection is warranted.

Re:Just shows how important key management is

[skoda]

giving the PC side a transmitter - added cost
and the keyboard side a receiver. - added cost
the keyboard could have had a light sensor - added cost; requires keyboard to have line of sight to monitor and obviates much of wireless advantage.
docking/charging stand - added cost; requires regular connections to computer

Yes, Logitech could have done these things, resulting in a product that cost twice as much and half as convenient as what they currently sell. And someone would have found a way to snoop on them eventually anyway.

If you're at risk of having your keyboard sniffed, then you've got bigger concerns to begin with.

-----
D. Fischer

block the signal

[mlheur]

I think I should use lead paint, and lead glaze on my windows and I should be safe. The sniffer would then have to be in my room...

Assume wireless devices are sniffable

[brlewis]

Until proven otherwise, assume any wireless device is sniffable. IR is relatively safe. For RF devices, if the manufacturer doesn't boast about security measures, they don't have any. Even if they have security measures, chances are they aren't strong.

Re:Assume wireless devices are sniffable

[Lawbeefaroni]

The security measures for RF are thus:
1. Industry buys frequency from FCC (or it is already available--900Mhz, etc). AKA New Wireless Gadget Idea Phase.

2. Industry makes product utilizing that frequency. AKA New Wireless Gadget Will Change the World Phase.

3. Existing RF equipment is found (suprise) to pick up signal. AKA No Shit, Dumbass Phase.

4. Media goes ballistic, industry reluctantly spends lobby money on FCC, FCC makes it illegal for consumer to purchase equipment that receives/transmits on RF frequency in question. AKA Red Hot Industry/Media/Government 3-way!! Phase.

5. Media finds no story, industry has a "secure" product, FCC has more beer money. AKA Citizens, Move Along, Nothing to See Here Phase

6. My RF equipment still receives/transmits on frequency in question(annoying cordless and cell phone calls aren't as cool to listen to as you might think), frequency is not secure, but my options for new equimpent are severely limited. Features that should have been implemented in the first place (spread-spectrum, digital) are trotted out later as "premium" services. AKA Who Gets it in the End Phase.

Obviously I have friends in Ham Radio. IANAHRO.

Mouse Data Is Useful.

[Cardhore]

Mouse data is useful.

Your double-click speed, combined with mouse acceleration, velocity, and number of buttons is practically a DNA fingerprint of your computer!

Re:Just shows how important key management is

[Mnemia]

You might care a bit more when people start sniffing the passwords to your online brokerage accounts and credit card numbers you are typing into online forms...

What do you expect?

[rabtech]

With the limited battery and processing power onboard these keyboards and mice, you can't really expect them to perform much complex encoding and decoding.

That said, some basic protection would be in order. Encryption is difficult when you are talking about a few characters per second, but definitely possible. Tuning each receiver to each device at ship time might also be possible, but could prove not to be cost effective.
-------
-- russ

"You want people to think logically? ACK! Turn in your UID, you traitor!"

actually this could be a feature

[unformed]

Logitech keyboards and mice mice work from over a hundred feet away

but seriously speaking. If something is airborne, it CAN be sniffed. If the computer can decipher something which is not directly connected to it, then something else can too.
Sure, you can encrypt the data stream, but encryption isn't full security.

The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false.

No it doesn't prove false, you have to use common sense. So you unplugged it from the internet but decided to use a WIRELESS device, especially one that is not built with the intent of being cryptographically secure.

This is purely a stupid post. Releasing data into the airstream obviously makes it more susceptible to sniffers. And it's been known for ages that you can sniff out WIRED keyboards by checking electrmagnetic pulses in the air. Sure it takes very expensive equipment, and you need to be close to the computer, but if that can be done, then why the hell is it surprising that WIRELESS keyboards can be sniffed?

I didn't realize this was news...

[wrinkledshirt]

I was able to sniff my cordless mouse and keyboard a long time ago. Didn't really get much out of it, though.

Then I burned them, and THEN sniffed, and whooboy, do those chemicals go STRAIGHT to the brain. Awesome.

Authentication

[jonsuen]

What these keyboards _really_ need is a system to authenticate the keyboard and receiver. I know two roommates both with Logitech cordless mice/keyboards. The base station is normally limited to only one mouse/keyboard but a keyboard can transmit to any number of base stations.

To use a device with a base station, you hit the connect buttons on the base and the device. This leads to a constant battle of device substitutions. When one of them leaves Win2k at a login with their username saved, the other roommate reprograms their base station to receive the keyboard and gets the password.

I think security against attack by silly children is more important for this product than protection against the NSA.

Re:Just shows how important key management is

[jonsuen]

I think the _real_ problem with this product is the ease at which devices can be connected or made to work. In order to connect a keyboard or mouse to the base, you have to press a button on both. This leads to countless pranks reprogramming somebodys keyboard to another nearby base station and leaving the Win2k login prompt up or whatever.

A password or some other user authentication before reprogramming/key exchange would be nice or even making the connect button accessable only by paperclip would help (a little). I rather my money protect me against silly roommates rather than the NSA.

Title

[clinko]

"Security - Logitech Wireless Mice & Keyboards Can Be Sniffed"

Lets say it's 50 years ago. This title would be damned funny.
(people are smelling robotic mice and wooden keys it's a security risk.)

IR sniff at 100 yards? Child's play.

[Lottaguns]

Apparently you've never played with the current night vision technology. Even the Gen III passive starlight stuff is IR sensitive and can spot a cigarette butt at 100 yards. A pulsing IR LED source (like the beacons used for helicopter pilots' night vision) would be ridiculously easy to sniff with off the shelf equipment. My TV remote control looks like the f**king SUN through old cheap crapola Russian night vision. U.S. stuff is light years ahead. Even though you can't see it, the IR illuminates (for lack of a better word) stuff around it (like when I bounce my TV remote off the wood paneling because I'm too lazy to aim it properly). You would need line of sight with something in the room, but not necessarily the IR LED itself. A bug to detect the IR and then send it out RF could be ridiculously small and placed very inconspicuously.

The CIA

[Calle+Ballz]

Okay, I got all this from an old man who I work with that used to work for the NSA, this is what he says, I dunno if he is nuts or not.....

The CIA has their main building that is built within another building, and between the two buildings... white noise is pumped throughout. There is a good reason for this, *THEY* (NSA, CIA, MIB, Echeleon, whoever you are paranoid against) have the technology to sniff your keystrokes from about 50 yards away, even with your traditional wired keyboard. In some cases they can read even the radiation from your monitor.

I hate to break it to you

[irc(addict)]

but it wasnt Jack Ryan, but John "Clark". Jack Ryan, at that stage, was the President. :-)

Sniffing? How about spoofing?

[gmiller123456]

All it requires is line of sight to your computer, and anyone can control it. No special hardware required, someone just has to buy the same keyboard as you have.

one-time key INTO the keyboard

[kipple]

just an idea for a secure wireless keyboard (even more secure than a regular one, see the 'tempest' thread): once you bought the key, you physically connect it to the radio receiver, you set up it into the right mode and then start typing a random key ON the keyboard for a while (just like pgp). And that's your key.

Now, obviously there are some issues: first, if somebody 'tempest-sniff' your keyboard while you type the one-time key you're screwed.
Second, if somebody intercept what you're typing AND the radio transmission, it's a joke to rebuild the key and decipher everything else. But then, if you have a secure environment, it's surely not visible from outside, nor put in a regular carton-wall building. It's going to be secured in a heavy-armored room, and so on.

Now a little thought: what is the point to have strong encryption worldwide, when they can sniff your keyboard or even your monitor from a 'long' distance? Wouldn't that be a 'fake security feeling' to make countries and companies much more relaxed about encryption and the US spying the rest of the world, when No Such Agencies could basically use satellites to spy? They can read your newspaper.. why couldn't they be able to spy what you type on your keyboard, or to read your monitor?

I'm turning my monitor away from my window now :)

peace

Halflife & Quake

[OS24Ever]

Now my enemies can detetct my agile flicks of the wrist while I stomp them into the ground while playing Quake. Whatever am I to do?

Re:Halflife & Quake

[Sarig]

Flick rail them some more

Deserved it

[pkesel]

Your level of paranoia should be proportional to your level of hardware spending and site security. If the integrity of your work is jeopardized by stolen key and mouse clicks, how can you justify letting someone you don't know and trust close enough to do so? And if your work is so ultrasensitive, why are you trusting it to OEM products? Get the hardware and software to do it right.

Before long someone's going to realize that saying 'Hi' with hand wave is not secure. What the hell do we do then?

joystick like device

[discovercomics]

3m has a pistol grip mouse, no trackball on top though. It goes by the name of 3m Renaissance mouse.

I've been searching for mouse alternatives today, due to a bout of carpal tunnel syndrome. 3m offers a money back gtd. so I will try them first and if that doesnt work, I plan on giving the whale mouse a try.

Somebody PLEASE spy on me!!!

[ryanvm]

I must be a friggin' loser. All you guys are sitting around contemplating the ramifications of this demonstration. Meanwhile, I could only dream that someone would go through this amount of trouble to see what I type.

I can't believe there are so many important people hanging out at Slashdot. ;-)

All wireless communicaitons are insecure

[man_ls]

Cellular phones aren't secure. Anyone with a piece of hardware can listen in on your conversations. I know some people with such devices.

"Cordless" telephones are definately not secure. I've listened to other people's conversations because we were on the same channel, accidently, and while I couldn't talk, was very informed on this person's stock portfolio from his conversation with his broker.

Monitor cables, yes, the corded kind, emitt signals that a TEMPEST scanner can reconstruct into an image of your monitor, like a remote wireless VNC termanal that is set to look only.

Why should a wireless mouse and keyboard be any different? They are beaming keystrokes/(X,Y) coordinates into the air the same as those other devices are...why wouldn't a scanner or another receiver be able to pick them up? Anything that travels through the air is unsecure - it should never be assumed otherwise.

kinda scary

[Davace]

Let's hope whatever encryption they use will be an open standard, and not some closed-source 'security-through-obscurity' plan.

Re:kinda scary

[methodic]

My guess is that they will release a revision 2 keyboard with some lame XOR encryption that can be cracked within a week.

This raises an interesting point... can one spoof their keyboard's identity to send keystrokes to another reciever?

I wonder how fast someone can type "echo + + > ~/.rhosts" :)

---------------

I'm not concerned.

[megaduck]

While I can see how this would be a concern for high-security environments, I don't think most of us home users really need to worry about it. With surfing and games, most of the info that I transmit is totally useless unless you know exactly what's on the screen at the time. At best, you're going to get my personal e-mails which are pretty darn boring.

Call me crazy, but I'll live with the tiny security risk if it means I don't have to get my lazy ass off the couch.

Re:Why is this a surprise to you?

[bahtama]

Why leave it on your monitor, I know someone that has programmed it as a macro. Hit F12 and boom he is logged into a multitude of places!

Now that's secure. But the worst part is is that his password is 'password' anyway! Double stupidity! :)

=-=-=-=-=

Surprise! Remote Control 101

[kireK]

Like this should really surprise any of use... now what's cool is to intercept the signal and control someons's mouse and keyboard remotely... Imagine the fun when your coworker surfs to a site that they didn't type in.

Not just sniffing... control!

[morcheeba]

My former bank always had an irda-compatible printer right near the deposit slot, and I always thought it would be fun to start printing out things for them to find in the morning. Nice, harmless fun.

But, controlling the keyboard and mouse from outside is a little different -- You could sniff the passwords during the day, and with a pair of binoculars, re-enter them at night. I know there are lots of passwords on the systems, but I wonder if there is a time lockout so they can't be used at night. Hey, high security safes have these; it's about time the computers do, too.

But, then again, they probably wouldn't have too many keyboards at a bank. People already walk off with their pens all the time...

How much could be learned...

[ccarr.com]

From mouse movements? I can see worrying about the keyboard.

So what?

[RzUpAnmsCwrds]

So what! Cellphones, cordless telephones, 802.11b, and just about everything else can be "sniffed"! There are a million ways to compromise the security of a PC. If you need maximum security, then don't use cordless mice or keyboards!

Why are people around Slashdot always so worried about this kind of thing?

Another thought comes to mind...

[Scoria]

(Sorry about the double post, but this is rather interesting)

I bet if you can sniff the data, you can probably also forge it. I doubt those keyboards use any type of authentication and if they do, well, it's easily accessed by sniffing.

That'd be quite bad if somebody sat a few feet away from a terminal with a wireless keyboard, sniffed it, and then "h4x0r3d" the network using forged keyboard data...

Common Sense

[Scoria]

No offense, but if you don't use a wireless network because it's not encrypted, what makes you think a keyboard that runs off two AA batteries will be secure?

Common sense, people... Common sense.

AND!!!

[Dancin_Santa]

Get this! With the right equipment, it's possible to read the contents of a person's monitor, right through a wall. Oh no!

"His keyboard usage pattern indicate that he types a few commands then stops. He then uses the mouse almost exclusively. Even there, though the mouse only moves intermittently. We can't make out what's on the screen, but it doesn't appear to be textual."

Dancin Santa

Re:Conduits

[anon757]

I belive they have already done this. It's called a "wire"

Re:Conduits

[anon757]

Woohoo! I'm #1!!!

In other news...

[NerdSlayer]

It turns out CRT monitors can be photographed from yards away! Get rid of them now!

Re:Duh!

[markmoss]

As far as I know, there is no solvent for this stuff. We tried to find a solvent to clean up spills -- we've got one that will eat the floor tile out from under the lumps of spilled epoxy, but it doesn't touch this epoxy. It does dissolve some kinds of cured epoxy, but not the stuff the chemist picked for this job. Epoxy solidifies by an irreversible chemical reaction, so there is no particular reason that there has to be any solvent at all. Note also that epoxy is used for circuit boards and IC packages, so if there is a universal epoxy solvent, the board would come apart, which would tend to disconnect the RAM from the battery, causing erasure...

Duh!

[markmoss]

When cordless phones first became common, many people were surprised to discover that their neighbors were listening in. DUH!!!

When cellular phones came within ordinary peoples' price range, many were surprise to learn that everyone could listen in. DUH!!!

Anything you put on the radio is insecure unless it is heavily encrypted with good control of the keys. Why is that hard to understand?

The wireless keyboard and mouse could be encrypted. In fact from the article it appears that they might be encrypted; there is some sort of negotiation going on at startup, but I don't know whether that is to pick a key or simply to pick a channel. But even if the encryption is good, this live on-the-air key negotiation is a weak point. For instance, you could buy the same model of keyboard and take control after the guy turned on his computer and while he was walking over to the keyboard. Of course, you'd be entering commands blind, but there's always "del *.* (enter) y". Or since there seems to be a short list of built-in keys, you could experiment with a keyboard to find out what they all were, read the key selected from the start-up transmissions, then read out the login and password.

If you want a really secure wireless connection, then you need strong encryption with a unique key that no one else knows. Either you ship keyboard and receiver from the factory as a set (and trust the factory to erase the pre-programmed keys from their records as soon as they are used), or you have a way to temporarily bring the two devices together and connect them by a nearly untappable wire while they figure out a key.

Finally, there is a mathematical procedure that is claimed to work out a secure key by a _long_ process of exchanged messages and intensive calculation. Don't ask me to explain it. It would require enabling two-way communications, which doubles the cost of the radio circuits, and I suspect it would increase the CPU power required dramatically.

By the way, you don't need much CPU power for good secret-key encryption, you just have to design right. I know of boards that do reasonably secure encryption and only have eight bit CPU's barely more powerful than the one in the original IBM PC keyboard. They have a special (and not too expensive) chip that implements DES, and since the original DES definition used a key that is short enough for brute force attacks nowadays, they run the message through several times with different parts of a long key. It's supposed to be safe enough to carry debit card PIN numbers under the tough European regulations. But we've got to go to nearly absurd lengths to keep that programmed-in key safe: the board is wrapped in a piece of folded paper printed with wiring patterns, then it's all potted (cast) into a block of epoxy mixed with silica grit (sand). If you take the case off, a little switch detects this and the board erases its memory in microseconds. If you somehow get past the switch and drill or cut through the epoxy, besides being darned hard on the drill bit, when you hit that paper wrapper you cut wires and the board erases. If you freeze it to weaken the epoxy and slow down the erase process, the board has a thermistor to detect falling temperatures, and erases. If you try to burn off the epoxy, that paper will go first -- and in some models, there is also a thermistor to detect rising temperatures.

Spread spectrum?

[MSBob]

I thought it would be natural to use spread spectrum for this kind of device. Data rates are really low so the chip code could be extremely long. That would be quite secure for most purposes... No?

Why is my range so limited them?

[NachtVorst]

I have a Logitech wireless keyboard and mouse...

Now my question is: If people can sniff this from a hundred feet or more... Why the fsck does my reciever stop working at only a few feet?

I'm sure if it's that easy to sniff it, Logitech could have built a reciever to work with a longer range...

Does anyone know if there are any third parties that make alternate recievers with a longer range for this? NachtVorst

Avoidable

[tlhf]

It can't take that much proccessing power to put a simple chip which can encode to 56bit, can it?

Conduits

[OG+Loki]

If you could somehow construct a conduit that the signal could use to travel from the mouse or keyboard to the box, perhaps a metal line with some sort of insulation to prevent signal bleed, and electric shocks. Of course these conduits would need to be long enough so that your mouse or keyboard could be operated at a comfortable distance from the machine...

I thought the adage was...

[tthomas148]

"The only safe computer is locked in a room and unplugged." Period. Who cares if it's connected to the Internet? There was hacking before the Internet, let's remember.

Dumb AND obvious.

[cypher6_06]

Honestly I doubt that Logitech intended on making wireless keyboards for people worrying about their information being stolen. The company I work for wouldn't be so stupid as to take a chance on something so insignificant and useless (why would a company want their employees to have wireless keyboards?) Logitech most likely developed these keyboards with home users in mind, the kind that bitch about having to plug a serial cable into the back of their comp. On another note.. what use would sniffing out mouse movements be?

-0110

Re:Dumb AND obvious.

[cypher6_06]

Yeah.. but that would have to be like on a network. If you're playing friends, then it would be extremely stupid and underhanded to cheat with such a stupid way. Anyone who'd waste his time cheating in a computer game.. well, I'd question their social life.

Re:Who would want to sniff your kbd / mouse anyway

[GreenEggsAndHam]

Anyone who cares to listen in onto my cell phone conversations is welcome to. If I have something sensitive to tell someone, I will meet in a McDonalds where my whisper will be drowned out by the kids yelling and/or the terrible canned music that they play there.

Who would want to sniff your kbd / mouse anyway ?

[GreenEggsAndHam]

No really, that's so pretentious it's not funny.

Cliff, stop kidding yourself, very few of us are important enough or have access to data that's important enough that someone would want to bother setting up a snooping station to intercept our userid/pwd.

For those of us who *do* have access to something that's sensitive, they *will* be sitting in that computer room that's disconnected from the net and they'll sure as hell not be using silly gizmos for geeks.

Not just RF Keyboards

[Spamalamadingdong]

Yeah, the IR models aren't sniffable with a radio receiver; you probably have to use a telescope with a sensitive IR detector to do something that fancy. <sarcasm> And we know that nobody could or would do that, right? Right. </sarcasm>
--

You make it sound so hard; it's *easy*.

[Spamalamadingdong]

Yeah, running a wire between them for a moment when it's first installed is *so* hard...

Sure. First it costs money to put the wire there. Then it costs money if people screw it up, or think they did and call the 800 number. You need long term storage to hold the key (FLASH, NVRAM, whatever), and if it is battery backed you will need that cable again in a few years, or there is another 800 call.

You don't need a wire, you only need a set of contacts on the keyboard which match a set on the receiver. Touch the two together, and they sync keys. I could do this trivially with some CMOS-level electronics on the receiver and a static-protected input on the keyboard hooked to an open-drain driver, allowing bidirectional communications. This would also be very easy for consumers to understand ("touch the units together until the keyboard lights flash") and eliminate the need for the sync switches on the two units as well. You want an existence proof that it can be done? Look at the Dallas Semi iButton.
--

Just shows how important key management is

[Spamalamadingdong]

It's amazing how many ways this could have been done right, and it is still wrong. For instance, the system could use a Diffie-Hellman key exchange by giving the PC side a transmitter and the keyboard side a receiver. Or the keyboard could have had a light sensor and use flashing patterns on the screen as the data back-channel (you only need it during sync). Or, if the keyboard used rechargable batteries, the key-exchange could be done by hardwired connection while it was on its docking/charging stand.

But no, Logitech had to do something that "works" but gives people zero privacy and no security. I hope this product gets hacked to hell, publicized to the ends of the universe and all products with crappy security get such a black eye in the press and a drubbing in the market that nobody even thinks about trying to sell something like that ever again.
--

Re:Just shows how important key management is

[Geleekrapfenmann]

or, you could just shield it with a jelly-doughnut.

let's hope they will do it right eventually

[janpod66]

I would very much like to get rid of wires and use a wireless keyboard. Unfortunately, companies like Logitech don't seem to think consumers care, so they just produce the cheapest possible device, which means little or no security. I called them and they didn't try to hide the fact that their devices aren't secure.

Let's hope that reports like this will create a consumer demand for security and cause lots of complaints to Logitech. So, if you see people use these devices, explain to them that anybody nearby can get their passwords, credit card numbers, and even take control of their computer. I think when properly explained to them, consumers do care.

Wireless keyboards can be made secure for a few more dollars; the company simply needs to care.

I'd kill for a bunker and lifetime supplies

[CrazyJim0]

That's like my life's goal :)

You should be scared, Cliff!

[Canonymous+Howard]

Curses! My evil plot to sniff Cliff's keyboard and mouse connection has been foiled! The jig is up, now I'll never get the priceless slashdot root password!

It's just not easy being an evil genius anymore.

HOW - TO - SNIFF LOGITECH CORDLESS

[da5idnetlimit.com]

this under GPL for free 8) well, first you buy one transmitter the you put it on a power line (Literally ON th power cable !) => Every single signal will have resonnace throught the cable. your transmitter can catch it easilly. If somebody in you building use one within 250meters, you can catch it = You plug the transmitter, put it on the power line, start Word Pad (M$ Trademark, No No Don't Sue Me !) and you see a nice text such as "login:pass" and the such 8) Well known thing. more like a children prank. Anyhow, any of your computer, except for you who work with 5000 $ Shielded Monitors and 25 Kg Magnetically shielded Cases, Fibre Interruption Keyboard and Shielded mouse are Bait for the Pro. Anyhow, All you Data are Belong To M$ 8(

Wacom cordless mice can't be sniffed

[Barlo_Mung_42]

I'm not sure what good sniffed mouse data can do anyone. X/Y and button events don't seem useful out of context. If you are paranoid about this (and still need a cordless mouse) get a Wacom Tablet.

general security with cordless devices

[neodymium]

According to german computer magazine c't (11/2001), about any cordless device can be sniffed - not only logitech. They had an article in the last issue discussing exactly this. Maybe I'll translate it a little later...

Just a summary, now: Cordless devices tend to use a 8 or 16 bit key for identifying (and authenticating) the connection to the base station. So all you need to sniff the keystrokes is another receiver, this code and something actually logging the characters... (i.e. keyghost.)

Re:Not suprising. Privacy ain't the half of it.

[CathodeJack]

I never did want to touch those things. We make so sure that noone sees when we type in our passwords, sometimes even disguising the way we type, faking hitting certain keys etc, i've seen some Very paranoid people. I'm sure they'll not be happy to know they've been shouting their passwords and credit card numbers across the room for anyone to tune in on.

I think this goes well beyond mere privacy. When you put one of these things onto your computer, you aren't just letting anyone out there hear what you are typeing (credit cards numbers, passwords, or secret attack sequences in MK3). You are also allowing them to type things in for you.

What happens if you put one of these things on your computer and a malicious neighbor has one too? What's to stop the malicious neighbor from continually transmitting "cd /; rm -rf *" (or the windows equivalent) into your machine.

Only half of security is encryption / privacy. The other half is source verification and trust. That's why Verisign is doing so well. Until they rework these things with full on strong encryption including unique device signatures, I won't even consider putting one on my computer.

wireless counters to adjust bank accounts

[Abschicker]

Well, a few days ago we've been standing outside, smoking and talking about wireless networking - just the usual fun - while a friend told us a story about the Dresdner Bank, who had recently installed wireless Logitech mice and keyboards in one (or even more ?) of their subsidiaries here in Berlin/Germany. The reason for that was that they didn't want to drill cabling holes into their brandnew desks and counters !
Our idea was - as a matter of course - to sniff their fingertips and micemoves, and with knowledge of their software's menu and operating structure, to make our red account balance become deep black again. A few days later we all laughed about the report of a security consultant concerning a German bank, which we first read about here (in German). They of course didn't mention the bank's name ... Funny that in a highly security sensitive environment like a bank somebody had the funny idea to use wireless keyboards and mice instead of leaving doors and safes wide open ...

The NHS sniffed my brain...

[dev!null!4d]

My brain has been sniffed... I had a eeg and now my pattens are on floppy disk... they know I like pr)(n ;-(

sniffing

[redcup]

My boss has a wireless keyboard and he caught me sniffing it this morning. It definately wasn't worth it - it just smelled like coffee.

I know this is coming up in my performance eval...

RC

This is outrageous!

[sup4hleet]

I can't believe the didn't use spread spectrum frequency hopping to secure such sensitive data!

how easy to sniff?

[fortunatus]

of course these things are easy to sniff.

you'd use the same receiver that comes with the stuff, just a little more sensitive with some special optics. you might be able to make a sniffer with one of the regular recievers by putting it behind one side of a pair of binoculars, or other telescope.

if you have a B&W CCD camera, take the IR filter out of it & have a look at the light beams. CCD's are sensitive to near IR. you'll see that the amount of light comming out of the senders is tremendous.

you could encrypt...

CRT Sniffing

[filmnorthflorida]

Could I hook up a transmitter to send the VGA signal over RF and get rid of my monitor cable? If these things are so easy to sniff, I want to take advantage of it for myself.

I sniffed my mouse...

[gnovos]

...that's when I realized it was time to change the sawdust in the cage, phew!

tip of the iceberg

[alexandremathy]

You'd be surprised how much wiretapping can occur with computer perpherals. A guy in the research labs in my uni can reconsitute the image from a monitor's radiation at a range of about 20 meters. He says the loss of quality is minimal. MOst consumer grade products aren't shielded nearly enough, because, obviously, that would drive the price up for a benefit most people wouldn't even be aware of..

Why is this a surprise to you?

[No+Tears+In+The+End]

Think about this for a minute. Wireless keyboard and mouse. How do you think that the data gets to the computer, magic?

IR seemes to be too unreliable, being that line of site was necessary and a dusty or smoky room would cause unreliable transmission of information.

What's left? RF. The properties of RF that make it so desirable are the same ones that make it sniffable.

Leaving a note on your monitor with your login and password will insure that you never forget, but it also eliminates the point of having password security.

thats not what worries me

[s4ltyd0g]

Most users can't even be bothered to pick hard to guess passwords who needs to sniff? Unprotected wireless access to corporate networks is where the action is.

Just wanted to post something

[terrorist-a]

I imagine controlling the PC (transmiting louder than the PC keyboard/mouse) is also possible... and you don't need a very special equipment.

Really scaring...

Fortunately I'm using an old fashioned wired keyboard and mouse...

Anyone knows how long a physical mouse/keyboard extension cord could be?

Take a page from Seti@home

[ColGraff]

Seti@home sends out occasional packets to clients to which it knows what the response will be. Why not do something like that with wireless keyboards/mice?

Instead of just a receiver processing signals from the mouse or keyboard, have a transmitter in addition. Send random floating-points to the mouse or keyboard after each attempt at input or a random percentage of the time, which would then return another floating-point obtained from an algorithm in ROM that would be unique for each machine, and never transmitted. A malicious individual would be unable to control a user's computer because he.she would not have the algorithm.

Here's the way it would look:

1. Mouse/keyboard sends command to computer.

2. Computer sends random numbers.

3. Random numbers are received by mouse, and are fed into an algorithm on mouse ROM.

4. Mouse returns result(s).

5. If response in incorrect, wireless peripheral is locked out, and user switchs either to wired device or different frequency.