Slashdot Mirror
Security - Logitech Wireless Mice & Keyboards Can Be Sniffed
Brock Tellier writes "The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false. According to a recent security report about Logitech wireless mice and keyboards, an attacker can sit a hundred feet or more from your computer and 'sniff' the data from your keyboard and mouse. Scary." Scary indeed! Having just purchased one of these, and finding them immensely conveinient such news is disheartening. Are there easy ways in which Logitech might be able harden any new models against this? How difficult are these things to sniff, and what kind of hardware would one need to do so? Obvious security tip: if you have these keyboards attached to machines that may access secure data, consider moving them back to the wired standbys until a more secure wireless options present itself.
You know, part of the reason the very existence of TEMPEST was classified for so long was that: a) it worked, and b) no one knew about it. That time has passed; why is this "news"?
I believe the term is "Faraday cage".
ok... so you're sniffing someone's cordless mouse.
"moving up a bit... left click... moving right a bit... moving down a bit.... right click... moving left a lot and up a bit. silence... moving down a lot, a little to the left... right click... moving up a bit...."
What exactly could you do with that info?
Lots of people don't understand these things, and tend to get mislead by bad marketing.
For example, there's an outfit which sells set top boxes for digital TV called Open; these boxes are used by outfits in the UK to provide their "like the Internet, only a not" offerings. Including Internet banking with a number of the UK's leading online banks.
Customers are assured that Open use s00per-s3kr3t encryption between the set top box and the host system to secure your banking experiance, which is true. What Open don't tell consumers is that their IR controller/keyboards run with no encryption and have a 50 foot range, so anyone with an IR reciever and a little work could be merrily sniff you logins, passwords, and so forth.
Oops.
There's a lot of work to be done on educating Joe and Jane Average about these things.
But no, Honda had to make something that "works" but gives people no security.
You could always take the character key, base-64 it, and XOR the bit string....
oh, wait a minute... you might get sued for that marvel of technical prowess!
There is really no big difference between sniffing a telnet session with bpf and sniffing an optical or radio connected mouse or keyboard.
One solution for the telnet case was the use of encrypted channels, via the secure socket layer (SSL) and a changed protocol/tool (ssh).
It is obvious that a similiar method has to be used for the mouse/keyboard case.
So install sshd on your peripherials and be happy :-)
Are there any competitors in that space (RF keyboards)? I'm not exactly in the market for a wireless keyboard, and if I were it's likely that IR would do it for me.
Also as I said before, mentioning security will remind people that they have no idea if it is secure. After all anything claiming to be secure in the past seems to have had later announcements about how it's not exactly as secure as first claimed... (and no, not everything does, but it happens enough that I expect lots of folks have that impression)
Ok, if they spin their own silicon they might be able to do it, I don't own one of those things, so I can't check to see if it is all off the shelf parts, or has any custom ICs, or even FPGAs. I'm assuming these small area designs have been openly published and withstood attack? Or are small area designs of real cyphers...
Sure. First it costs money to put the wire there. Then it costs money if people screw it up, or think they did and call the 800 number. You need long term storage to hold the key (FLASH, NVRAM, whatever), and if it is battery backed you will need that cable again in a few years, or there is another 800 call.
And you think Logitech has a shortage of crack smoking monkeys?
The documents were out for public and private review for many many months. Experts did have at it. It at least got changed from a clearly worthless 4-bit key to something that looks valuable (but isn't).
Yes, price isn't why WEP sucks, but I think price is why WEP was at least attempted.
Not really. Anything that increases the cost has to increase sales. Will the lack of a checkbox that says "uses random crypto thingie so it must be safe" lose some sales? Maybe. Some people clearly wouldn't buy it because of that. Then again some people would see that and be reminded that it is a problem, and not want it. Some people will see it and demand that they know how it works so they can be convinced it is secure. And above all, it is going to drive prices up. You won't be able to shoehorn much encryption into the tiny CPU that decides keystrokes and drives a little RF and emulates the original keyboard controller.
Plus it is hard to imagine anything simple that works out of the box, unless you key the base station to the keyboard from the factory. Otherwise you could have a man in the middle attack (which would be harder then the existing attack, but still...)
I mean look at the problems 802.11's WEP has, and it is on a $100 and up device!
Furthermore devices like this invariably end up stepping on each other's toes. They're fine if you're the only user in the building but when the secretary upstairs gets one you end up getting who-gets-the-bandwidth glitches or worse yet finding thier mousing on your screen (or "Iieeeeyyhahh - my cursor is posessed!")
Of course one key thing to ask yourself is if you care that someone could decode your mouse or kb.
In the office as I noted these things are of limited utility, at least if you're in a geek-dense area. At home the question is how many folks are in range and how many could possibly care.
In my neighborhood the average age is 60-something and of a definite non-technical bent. Frankly I doubt there's so much as an active ham in the neighborhood much less anyone with enough geek-tendencies to scan, identify, then decode my mouse or keyboard.
The same with the odds of there being another comperable device - I can count the cable-modem users by looking at the wires and there are 4 of us in two blocks (and from sniffing I know I'm 90% of the traffic.)
Yeah unsecured wireless devices aren't a good thing to use in a secure environment, but again, that's *news?
I don't read ACs: If a post isn't worth so much as a nom de plume to its author then I wont bother either.
Maximum PC had an article about PC Pranks last week. And they drove one editor nuts by hooking a cordless mouse to his system as the primary pointing device, and driving his machine from across the room.
"Politicians are interested in people. Not that this is always a virtue. Fleas are interested in dogs." P.J. O'Rourke
Fortunately, Open is such a lame service that not many people will use it. The shopping sites are a small subset of what you can find on the Net, and you have to go online continually just to compose an email.
Most amusingly, the IR-based protocol between keyboard and set top box has no error recovery, so it's very easy to just type too fast and have it *lose characters*. Brilliant engineering...
I wish Logitech would hurry up and release a Bluetooth wireless mouse, because every time I try to use my new Ericsson cordless headset near my PC the mouse stops working...
--
but sniff my crotch and I'll bitch-slap your sorry face.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
If you buy peripherals that broadcast their data through the air, what the hell do you expect?! We take it as a given that true security with 802.11b even using encryption is an iffy thing, despite using pretty heavy duty hardware, and yet we're floored when a cheap input device with nary more horsepower than a CD player is insecure? Perhaps we should come up with a public key protocol for mice and keyboards? Given the required horsepower, we could then also use them as co-processors, offloading all those Quake computations on the mouse and keyboard. Hmm...
It wasn't Tom Clancy's NetForce with Scott Bakula you were watching was it?
The secret of success is honesty and fair dealing. If you can fake those, you've got it made. (Marx)
Obvious security tip: if you have these keyboards attached to machines that may access secure data, consider moving them back to the wired standbys until a more secure wireless options present itself.
Good idea. I'll zap off right now and get this new keyboard off my IIS E-Commerce server. I sure wouldn't want my customers credit cards to get stolen because of some deviant sitting outside my office and sniffing me.
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
I have a wireless keyboard and mouse, and I can't get them to work more than 4-5 feet away. But they can sniff my signal from across the street. Technology frikkin' sucks.
~Hammy
"Logitech had to do something that "works" but gives people zero privacy and no security"
Yes, and they did exactly the right thing. Their "job" is to produce products that do what they claim to do and sell them at a price people will pay. They never claim these products are secure in any way. As the above post says, if you bought this product *assuming* it's secure, you're a dumbass and you deserve whatever you get.
-B
It's not "unplugged from the Internet", it's "unplugged". As in unpowered.
Even then, you are not totally safe. The contents of your RAM are often valid for several seconds to several minutes after you power off. With lower temperatures this can be up to hours. This must be taken into account with high security applications where physical access is possible. For example, tamper-detection circuits must erase RAM as well as EEPROMs when intrusion is detected.
Since PCs don't clear out memory before they power off, your passwords and encryption keys could possibly be stolen from RAM even with the best security precautions taken. Mind you, I haven't heard of anyone actually using this technique, just that it's a possibility.
-- Virtual Windows Project
Really, alot of things are insecure but after trying to be security consious you can't secure everything in the world. Is it even worth it in the hopes that one time you could get something interesting? There are easier ways of getting personnal information.
For example, I could break-in and install a camera pointed right at your monitor/keyboard. Does this justify turning your desk 90degrees every hour?
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
If you consider where Logitech makes most of its stuff, there's a fair chance they wouldn't have been allowed to put in such features. Encryption makes life difficult for Big Brother.
(Nearly everything Logitech that I've seen in the past few years has said "Made in China" on it. Think about it.)
20 January 2017: the End of an Error.
People can hear you when you talk on the phone!
It's 10 PM. Do you know if you're un-American?
Cordless telephone poles, don't you mean cell towers?
What about your (now legally binding) PGP passphrase?
------
A screw driver and a soldering iron will fix that.
------
Didn't the PET have a VHF RF modulator built in (i.e. you connect it straight to the TV)? That would make reception a little easier.
------
It's a lot easier to tell someone in person that "I didn't sign that" than it is over the internet to someone who has never met you.
------
This isn't van eck-ing, as the keyboard is BROADCASTING a signal that is MEANT to be picked up. This makes it orders of magnitude easier to pick up, as it is designed to stand out from the noise.
On the other hand, completely passive van eck setups need to do alot of work separating the signal they are interested in from the background noise.
On a completely different note: those concerned about password security can move to a face-recognition login setup, which would require the attacker to capture the screen in order to compromise security,
"The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false.
- The only safe computer is locked in a room and unplugged from the Internet.
+ The only safe computer is locked in a light-tight, Sonex lined, Faraday cage and unplugged from the Internet.
A dingo ate my sig...
I bought a Logitech Cordless TrackMan FX the other day : this thing is a *cordless* trackball ! I understand the need for a cordless mouse, to avoid dragging a cord around, but a cordless trackball ?? that's about as useful as a cordless telephone pole ...
...and yet you bought it. Yep. You shilled out $60 - $80 of your hard - earned cash for something that you admit was worthless. You're the kind of consumer we love.
Comment removed based on user account deletion
The cake is a pie
The cake is a pie
You can sniff Monitors from up to 1000 yards away (often through most kinds of walls) with highly sensitive (an perfectly aimed) tranceivers. The tranceivers pick up the monitor radiation from the tube gun and can basically aquire and reproduce its input signal.
Someone you trust is one of us.
Relax. This only applies only to the RF keyboard models. The IR models arn't succeptable.
I DARE someone to sniff my IR communications from hundreds of yards...
Check out my sysadmin blog!
a store's prices are based largely (but not solely) on their own costs. if a stereo costs them $200, and they can sell it for $400 they make a nice $200 profit. but what if that stereo now effectively costs them $300 because for every 3 stereos they sell, one of them is credit fraud and they have to eat the cost? they would have to raise the price to $500 to make the same $200 profit.
the reason they can't raise the price to, say, $900 and make a $600 profit, is that the guy down the street is selling them for $500 too, and everyone would just buy them there. or, if everyone was charging $900, people would just say "fuck it, i don't need that stereo that much" and not buy one.
</basic economics>
I bought a Logitech Cordless TrackMan FX the other day ... that's about as useful as a cordless telephone pole ...
And you bought it because you're really into cordless telephone poles?
Mmmm.. Donuts
It's correct, except it's not for protection from sniffing keystrokes - it's for using lasers to pick up vibrations from sounds in the offices. I believe I saw this on "Dangerous Places", so YMMV. :)
The CIA can already sniff your keyboard and mouse movements, wireless or not. It's called Tempest. It was mentioned briefly in Rainbow 6; Jack Ryan has a computer which he refers to as "Tempested" which I took to mean resistant to Tempest sniffing. The CIA did a short demonstration with a computer bigwig (I forget who) where they showed this technology off a year or so -- they were able to sniff a login/pw from a family computer from about a block away.
Laz
actually, i got all of it back when that happened to me.
Got Rhinos?
This is not remotely (no pun intended) interesting - OF COURSE signals from wireless keyboards and mice can be detected at a distance. If they couldn't be detected, they wouldn't work.
Slashdot: Home of the blindingly obvious.
---
Book(n): Utensil used to pass time while waiting for the TV repairman
I've seen a demonstration of the recovery of the video signal from a Commodore PET from a few feet away using nothing more than an old portable B&W TV set (the ones that are about the size of a shoebox) and a simple amplifier inserted between the TV and the attenna
:-) By the time you're sitting in a van on the street outside, you're looking at NSA-style budgets.
Good point. We must all be careful not to let anyone with any homebrew Van Eck gear within a few feet of our Commodore Pets!
But for any real Van Eck threat, my point stands. You lose 6 dB of signal every time the distance doubles, which will easily cost you an additional 6 dB of money and effort each time.
At the aforementioned demonstration the presenter, Jim Carter, made it quite clear that it was possible to recover emissions from much more than the video circuitry
Again, if the people after your data are capable of pulling off this sort of thing, you might as well tie a white rag to the end of a stick and surrender peacefully.
Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
No, actually, Van Eck sniffing is NOT "easy." It takes thousands of dollars' worth of exotic equipment, and is nowhere near as foolproof as the media suggests. (And how many servers display passwords on the screen when you log onto them?)
Wireless keyboard sniffing is MUCH cheaper and MUCH more damaging than TEMPEST vulnerabilities could ever be.
Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
-- ;-)
Kuro5hin.org: where the good times never end.
-- ;-)
Kuro5hin.org: where the good times never end.
As for the iButton/1-wire/MicroLAN stuff from Dallas, I've played with it. They have some really cool devices. Their superfast 8051-compatible microcontrollers are neat too.
-- ;-)
Kuro5hin.org: where the good times never end.
Hmm...I sense a business plan. All these little gizmos, like remote controls, garage door openers, Bluetooth cards and telephones, game controllers, SPIKE gizmos, and so forth have one thing in common: for proper security, they need a hardware key-exchange system. Which means a cable. Which means an enormous business selling cables. Which means that cable companies could give away strong encryption as a loss-leader, and make it up with a captive market for synchonization cables.
-- ;-)
Kuro5hin.org: where the good times never end.
-- ;-)
Kuro5hin.org: where the good times never end.
alice sends to bob X = G ^ x mod n
bob sends to alice Y = G ^ y mod n
shared secret is G ^ xy mod n which alice gets by computing Y ^ x mod n and bob gets by computing X ^ y mod n
alice and bob can each generate the secret key because they know either x or y. eve, an evesdropper, cannot generate the secret key because without either x or y, computing the secret key from X and Y alone requires calculating a discrete logarithm, which is a Hard Problem. This is not intensive calculation by today's standards since my Java ring is powerful enough to do modular exponentiation in a reasonable amount of time, and it is several years old. You are absolutely correct that adding two way communication to a wireless keyboard/mouse would be much more expensive, however.
burris
Burris
I must first admit that i am unaware of the design of these keyboards but i assume there is only a few channels they operate on. All you would really need to "sniff" these devices would be another reciever device of the same type set to the same channel. Once you have the channel figured out the second device, attached to a second PC, should display what was being typped on the original? This is the way the old RF keyboards sold with the Gateway 2000 Destination series of computers worked. We purchased a few of these where i work and i used to love to annoy people by setting a second mouse to the same channel they used, then in the middle of a presentation start moving their mouse around on them.
If you are security conscious and bought a wireless keyboard, you deserve to have your head examined. If it didn't say "Strong Encryption" or mention some other form of security on the box, you didn't honestly think it was secure did you? Even IR keyboards can be "sniffed", although not nearly as easily.
Actually, I think the qoute is "The only secure computer is one unplugged from the internet, power, monitor, keyboard & mouse, shoved into a crate, pour cement into the crate, nail it shut, wrap it in chains, place in a larger crate, pour more cement into that, then bury it 50' underground."
Personally, I think that's optimistic if you are running windows.
Necessity is the plea for every infringement of human freedom. It is the argument of tyrants; it is the creed of slaves.
Here is the list of frequencies for each model of keyboard. This is direct from Logitech's web site:
http://www.logitech.com/cf/support/1029.cfm
It's nice when they make it easy for you.
The credit card system is in shambles. If it was designed properly we wouldnt have to subsidize billion of dollars of theft via higher prices at the store.
This country is becoming increasingly dependant upon computers, and as it does so you will become even more vulnerable to electronic fraud and surveillance.
It may have been easy for you to show that you obviously didnt make those charges on you credit card bill, but do you want to have to explain that you didnt request that $20,000 online "cash" advance next time, that was promptly "lost" at some ecasino?
Basic common sense security is something you should consider. One day, your attitude may come back and bite you.
Sure, it's kind of cool that they used the off-the-shelf Logitech receiver against itself, but a custom reciever would perform the interception passively.
Hardly anything to panic about. Your cordless phone probably leaks more personal info about you anyway.
John
P.S. Did anyone else think Bluetooth?
John
Can't remember any links now, but in a lecture by Duncan Campbell he mentioned a new method by which the lower-frequency electromagnetic radiation (i.e. not light) from CRTs and even LCDs can be monitored from behind walls, and most of the information can be retrieved.
--
I hit the karma cap, now do I gain enlightenment?
Escher was the first MC and Giger invented the HR department.
Warning! If you work with secure data on a computer, and there is a wire spliced onto your keyboard wire in an unusual way and the wire goes into a hidden corridor, out the window, or far from site, someone might be sniffing your data!!
(also see sig s/Privacy/Security/g)...
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
A couple of people in the audience with a cordless keyboard and/or mouse on the same channel... a couple of clicks... a few choice webpages projected on the screen...
I don't think you'd be staying at the podium for long.
Actually, it's not terribly difficult to get data from a wired keyboard at a reasonable range. They run at a low data rate and leak a fair amount of RF. You can demonstrate this by holding an inductive probe near one and pressing different keys - they all make different tones.
It's not "unplugged from the Internet", it's "unplugged". As in unpowered.
I've go one of these sets and I'm lucky if I can use the keyboard / mouse 10 Ft away from the PC. Whoever discovered a way to sniff the things 100's of feet away, can you please get in touch with Logitech so they can get more range on their own product.
A journey of a thousand miles starts with a brutal anal raping at airport security
The only problem is if it becomes a giant lightning rod. Especially if you are in the top floor of a tall apartment building.
Check out the Vinny the Vampire comic strip
"It is a greater offense to steal men's labor, than their clothes"
A few years ago my brother, another geek, emailed me a challenge to see which of us was laziest. He said he would put off all his work till the last minute and not clean up his house or run and play with the kids for a full week.
One of these days I'll get around to replying to his email.
Steven
-- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
The only system which is truly secure is one which is switched off and unplugged, locked in a titanium lined safe, buried in a concrete bunker, and surrounded by nerve gas and very highly paid guards. Even then, I wouldn't stake my life on it.
(Gene Spafford)
I think switched off also includes the removal of the batteries from the mouse and keyboard.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
giving the PC side a transmitter - added cost
and the keyboard side a receiver. - added cost
the keyboard could have had a light sensor - added cost; requires keyboard to have line of sight to monitor and obviates much of wireless advantage.
docking/charging stand - added cost; requires regular connections to computer
Yes, Logitech could have done these things, resulting in a product that cost twice as much and half as convenient as what they currently sell. And someone would have found a way to snoop on them eventually anyway.
If you're at risk of having your keyboard sniffed, then you've got bigger concerns to begin with.
-----
D. Fischer
ShoutingMan.com
Your double-click speed, combined with mouse acceleration, velocity, and number of buttons is practically a DNA fingerprint of your computer!
Got friends?
I'd never use one of those. I even switched to an HMD to avoid my screen be visible from the next room. I also put my computer into a room 6 meters underground, then sealed the entrance. I bought temperature/moisture/pressure sensors for the floor tiles, removed the air ducts (so there, Mission Impossible!), re-install NetBSD nightly to avoid any files being saved, and put EMF filters on my mouse and keyboard cables. I have my own air generator, and a lifetime supply of Spaghetti-O's.
Of course, in the real world, most of us understand that little things like 'keyboard snooping' and 'phone tapping' are seriously un-important. I'm much more concerned about the real threats like Unlawful Search and Seizure than I am about someone knowing my password for /. or MP3.Com. Who the h377 cares?
Do you actually think it matters if someone uses your credit card fraudulently? Nope. Happened to me already, before everything was 'e' something. I had someone run my card to the limit, and the company just charged me my insurance co-pay. Bango, no problem.
Life is just one big exercise in risk-management. Learn what things matter, and what things don't. Protect yourself where it matters. Don't bother to wear a flak jacket to the can.
-WS
An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
With the limited battery and processing power onboard these keyboards and mice, you can't really expect them to perform much complex encoding and decoding.
That said, some basic protection would be in order. Encryption is difficult when you are talking about a few characters per second, but definitely possible. Tuning each receiver to each device at ship time might also be possible, but could prove not to be cost effective.
-------
-- russ
"You want people to think logically? ACK! Turn in your UID, you traitor!"
Natural != (nontoxic || beneficial)
Logitech keyboards and mice mice work from over a hundred feet away
but seriously speaking. If something is airborne, it CAN be sniffed. If the computer can decipher something which is not directly connected to it, then something else can too.
Sure, you can encrypt the data stream, but encryption isn't full security.
The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false.
No it doesn't prove false, you have to use common sense. So you unplugged it from the internet but decided to use a WIRELESS device, especially one that is not built with the intent of being cryptographically secure.
This is purely a stupid post. Releasing data into the airstream obviously makes it more susceptible to sniffers. And it's been known for ages that you can sniff out WIRED keyboards by checking electrmagnetic pulses in the air. Sure it takes very expensive equipment, and you need to be close to the computer, but if that can be done, then why the hell is it surprising that WIRELESS keyboards can be sniffed?
I was able to sniff my cordless mouse and keyboard a long time ago. Didn't really get much out of it, though.
Then I burned them, and THEN sniffed, and whooboy, do those chemicals go STRAIGHT to the brain. Awesome.
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
"Security - Logitech Wireless Mice & Keyboards Can Be Sniffed"
Lets say it's 50 years ago. This title would be damned funny.
(people are smelling robotic mice and wooden keys it's a security risk.)
Okay, I got all this from an old man who I work with that used to work for the NSA, this is what he says, I dunno if he is nuts or not.....
The CIA has their main building that is built within another building, and between the two buildings... white noise is pumped throughout. There is a good reason for this, *THEY* (NSA, CIA, MIB, Echeleon, whoever you are paranoid against) have the technology to sniff your keystrokes from about 50 yards away, even with your traditional wired keyboard. In some cases they can read even the radiation from your monitor.
I can't believe there are so many important people hanging out at Slashdot. ;-)
Cellular phones aren't secure. Anyone with a piece of hardware can listen in on your conversations. I know some people with such devices.
"Cordless" telephones are definately not secure. I've listened to other people's conversations because we were on the same channel, accidently, and while I couldn't talk, was very informed on this person's stock portfolio from his conversation with his broker.
Monitor cables, yes, the corded kind, emitt signals that a TEMPEST scanner can reconstruct into an image of your monitor, like a remote wireless VNC termanal that is set to look only.
Why should a wireless mouse and keyboard be any different? They are beaming keystrokes/(X,Y) coordinates into the air the same as those other devices are...why wouldn't a scanner or another receiver be able to pick them up? Anything that travels through the air is unsecure - it should never be assumed otherwise.
So what! Cellphones, cordless telephones, 802.11b, and just about everything else can be "sniffed"! There are a million ways to compromise the security of a PC. If you need maximum security, then don't use cordless mice or keyboards!
Why are people around Slashdot always so worried about this kind of thing?
No offense, but if you don't use a wireless network because it's not encrypted, what makes you think a keyboard that runs off two AA batteries will be secure?
Common sense, people... Common sense.
Do you like German cars?
It turns out CRT monitors can be photographed from yards away! Get rid of them now!
When cordless phones first became common, many people were surprised to discover that their neighbors were listening in. DUH!!!
When cellular phones came within ordinary peoples' price range, many were surprise to learn that everyone could listen in. DUH!!!
Anything you put on the radio is insecure unless it is heavily encrypted with good control of the keys. Why is that hard to understand?
The wireless keyboard and mouse could be encrypted. In fact from the article it appears that they might be encrypted; there is some sort of negotiation going on at startup, but I don't know whether that is to pick a key or simply to pick a channel. But even if the encryption is good, this live on-the-air key negotiation is a weak point. For instance, you could buy the same model of keyboard and take control after the guy turned on his computer and while he was walking over to the keyboard. Of course, you'd be entering commands blind, but there's always "del *.* (enter) y". Or since there seems to be a short list of built-in keys, you could experiment with a keyboard to find out what they all were, read the key selected from the start-up transmissions, then read out the login and password.
If you want a really secure wireless connection, then you need strong encryption with a unique key that no one else knows. Either you ship keyboard and receiver from the factory as a set (and trust the factory to erase the pre-programmed keys from their records as soon as they are used), or you have a way to temporarily bring the two devices together and connect them by a nearly untappable wire while they figure out a key.
Finally, there is a mathematical procedure that is claimed to work out a secure key by a _long_ process of exchanged messages and intensive calculation. Don't ask me to explain it. It would require enabling two-way communications, which doubles the cost of the radio circuits, and I suspect it would increase the CPU power required dramatically.
By the way, you don't need much CPU power for good secret-key encryption, you just have to design right. I know of boards that do reasonably secure encryption and only have eight bit CPU's barely more powerful than the one in the original IBM PC keyboard. They have a special (and not too expensive) chip that implements DES, and since the original DES definition used a key that is short enough for brute force attacks nowadays, they run the message through several times with different parts of a long key. It's supposed to be safe enough to carry debit card PIN numbers under the tough European regulations. But we've got to go to nearly absurd lengths to keep that programmed-in key safe: the board is wrapped in a piece of folded paper printed with wiring patterns, then it's all potted (cast) into a block of epoxy mixed with silica grit (sand). If you take the case off, a little switch detects this and the board erases its memory in microseconds. If you somehow get past the switch and drill or cut through the epoxy, besides being darned hard on the drill bit, when you hit that paper wrapper you cut wires and the board erases. If you freeze it to weaken the epoxy and slow down the erase process, the board has a thermistor to detect falling temperatures, and erases. If you try to burn off the epoxy, that paper will go first -- and in some models, there is also a thermistor to detect rising temperatures.
I thought it would be natural to use spread spectrum for this kind of device. Data rates are really low so the chip code could be extremely long. That would be quite secure for most purposes... No?
Your pizza just the way you ought to have it.
If you could somehow construct a conduit that the signal could use to travel from the mouse or keyboard to the box, perhaps a metal line with some sort of insulation to prevent signal bleed, and electric shocks. Of course these conduits would need to be long enough so that your mouse or keyboard could be operated at a comfortable distance from the machine...
No really, that's so pretentious it's not funny.
Cliff, stop kidding yourself, very few of us are important enough or have access to data that's important enough that someone would want to bother setting up a snooping station to intercept our userid/pwd.
For those of us who *do* have access to something that's sensitive, they *will* be sitting in that computer room that's disconnected from the net and they'll sure as hell not be using silly gizmos for geeks.
--
Scientists restrict study to entire physical universe; creationist
But no, Logitech had to do something that "works" but gives people zero privacy and no security. I hope this product gets hacked to hell, publicized to the ends of the universe and all products with crappy security get such a black eye in the press and a drubbing in the market that nobody even thinks about trying to sell something like that ever again.
--
Scientists restrict study to entire physical universe; creationist
Let's hope that reports like this will create a consumer demand for security and cause lots of complaints to Logitech. So, if you see people use these devices, explain to them that anybody nearby can get their passwords, credit card numbers, and even take control of their computer. I think when properly explained to them, consumers do care.
Wireless keyboards can be made secure for a few more dollars; the company simply needs to care.
That's like my life's goal :)
God spoke to me
Well, a few days ago we've been standing outside, smoking and talking about wireless networking - just the usual fun - while a friend told us a story about the Dresdner Bank, who had recently installed wireless Logitech mice and keyboards in one (or even more ?) of their subsidiaries here in Berlin/Germany. The reason for that was that they didn't want to drill cabling holes into their brandnew desks and counters ! ...
Funny that in a highly security sensitive environment like a bank somebody had the funny idea to use wireless keyboards and mice instead of leaving doors and safes wide open ...
Our idea was - as a matter of course - to sniff their fingertips and micemoves, and with knowledge of their software's menu and operating structure, to make our red account balance become deep black again. A few days later we all laughed about the report of a security consultant concerning a German bank, which we first read about here (in German). They of course didn't mention the bank's name
My boss has a wireless keyboard and he caught me sniffing it this morning. It definately wasn't worth it - it just smelled like coffee.
I know this is coming up in my performance eval...
RC
RC
you'd use the same receiver that comes with the stuff, just a little more sensitive with some special optics. you might be able to make a sniffer with one of the regular recievers by putting it behind one side of a pair of binoculars, or other telescope.
if you have a B&W CCD camera, take the IR filter out of it & have a look at the light beams. CCD's are sensitive to near IR. you'll see that the amount of light comming out of the senders is tremendous.
you could encrypt...
Could I hook up a transmitter to send the VGA signal over RF and get rid of my monitor cable? If these things are so easy to sniff, I want to take advantage of it for myself.
--- php: perl hates people
You'd be surprised how much wiretapping can occur with computer perpherals. A guy in the research labs in my uni can reconsitute the image from a monitor's radiation at a range of about 20 meters. He says the loss of quality is minimal. MOst consumer grade products aren't shielded nearly enough, because, obviously, that would drive the price up for a benefit most people wouldn't even be aware of..
Think about this for a minute. Wireless keyboard and mouse. How do you think that the data gets to the computer, magic?
IR seemes to be too unreliable, being that line of site was necessary and a dusty or smoky room would cause unreliable transmission of information.
What's left? RF. The properties of RF that make it so desirable are the same ones that make it sniffable.
Leaving a note on your monitor with your login and password will insure that you never forget, but it also eliminates the point of having password security.
-You can cry, but you'll still die. There'll be no tears in the end.
I imagine controlling the PC (transmiting louder than the PC keyboard/mouse) is also possible... and you don't need a very special equipment.
Really scaring...
Fortunately I'm using an old fashioned wired keyboard and mouse...
Anyone knows how long a physical mouse/keyboard extension cord could be?