Slashdot Mirror


Security - Logitech Wireless Mice & Keyboards Can Be Sniffed

Brock Tellier writes "The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false. According to a recent security report about Logitech wireless mice and keyboards, an attacker can sit a hundred feet or more from your computer and 'sniff' the data from your keyboard and mouse. Scary." Scary indeed! Having just purchased one of these, and finding them immensely convenient, such news is disheartening. Are there easy ways in which Logitech might be able to harden any new models against this? How difficult are these things to sniff, and what kind of hardware would one need to do so? Obvious security tip: if you have these keyboards attached to machines that may access secure data, consider moving them back to the wired standbys until a more secure wireless option presents itself.

35 of 292 comments

  1. Re:Tempest by Anonymous Coward · · Score: 3
    It basically is a room which is a gaussian sphere

    I believe the term is "Faraday cage".

  2. Re:Just shows how important key management is by CaseyB · · Score: 5
    It's amazing how many ways the Honda Civic could have been done right, but is still wrong. For instance, the car could have 2 inch steel armour completely encasing the body, bulletproof glass, solid rubber run-flat tires, and a 500 HP engine and high-performance suspension to compensate for the increased weight. Or they could have added a jet-assisted thrust system to allow drivers to escape dangerous situations at 300 MPH. Or they could have outfitted the car with wings, so that it could simply fly away from would-be attackers.

    But no, Honda had to make something that "works" but gives people no security.

  3. Re:Just shows how important key management is by stripes · · Score: 3
    It's amazing how many ways this could have been done right, and it is still wrong.

    Not really. Anything that increases the cost has to increase sales. Will the lack of a checkbox that says "uses random crypto thingie so it must be safe" lose some sales? Maybe. Some people clearly wouldn't buy it because of that. Then again some people would see that and be reminded that it is a problem, and not want it. Some people will see it and demand that they know how it works so they can be convinced it is secure. And above all, it is going to drive prices up. You won't be able to shoehorn much encryption into the tiny CPU that decides keystrokes and drives a little RF and emulates the original keyboard controller.

    Plus it is hard to imagine anything simple that works out of the box, unless you key the base station to the keyboard from the factory. Otherwise you could have a man in the middle attack (which would be harder than the existing attack, but still...)

    I mean look at the problems 802.11's WEP has, and it is on a $100 and up device!

  4. Re:Just shows how important key management is by ncc74656 · · Score: 3
    For instance, the system could use a Diffie-Hellman key exchange by giving the PC side a transmitter and the keyboard side a receiver.

    If you consider where Logitech makes most of its stuff, there's a fair chance they wouldn't have been allowed to put in such features. Encryption makes life difficult for Big Brother.

    (Nearly everything Logitech that I've seen in the past few years has said "Made in China" on it. Think about it.)

    --
    20 January 2017: the End of an Error.
  5. News flash! by Hard_Code · · Score: 3

    People can hear you when you talk on the phone!

    --

    It's 10 PM. Do you know if you're un-American?
  6. Re:Cordless Logitech trackballs by British · · Score: 5

    Cordless telephone poles, don't you mean cell towers?

  7. Re:i don't think so by isaac_akira · · Score: 3


    a store's prices are based largely (but not solely) on their own costs. if a stereo costs them $200, and they can sell it for $400 they make a nice $200 profit. but what if that stereo now effectively costs them $300 because for every 3 stereos they sell, one of them is credit fraud and they have to eat the cost? they would have to raise the price to $500 to make the same $200 profit.

    the reason they can't raise the price to, say, $900 and make a $600 profit, is that the guy down the street is selling them for $500 too, and everyone would just buy them there. or, if everyone was charging $900, people would just say "fuck it, i don't need that stereo that much" and not buy one.
    </basic economics>

  8. Re:Cordless Logitech trackballs by donutello · · Score: 3

    I bought a Logitech Cordless TrackMan FX the other day ... that's about as useful as a cordless telephone pole ...

    And you bought it because you're really into cordless telephone poles?

    --
    Mmmm.. Donuts
  9. Tempest by Lazarus54 · · Score: 4

    The CIA can already sniff your keyboard and mouse movements, wireless or not. It's called Tempest. It was mentioned briefly in Rainbow 6; Jack Ryan has a computer which he refers to as "Tempested" which I took to mean resistant to Tempest sniffing. The CIA did a short demonstration with a computer bigwig (I forget who) where they showed this technology off a year or so -- they were able to sniff a login/pw from a family computer from about a block away.

    Laz

  10. Re:DUH by John+Miles · · Score: 5

    No, actually, Van Eck sniffing is NOT "easy." It takes thousands of dollars' worth of exotic equipment, and is nowhere near as foolproof as the media suggests. (And how many servers display passwords on the screen when you log onto them?)

    Wireless keyboard sniffing is MUCH cheaper and MUCH more damaging than TEMPEST vulnerabilities could ever be.

    --
    Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
  11. Re:Just shows how important key management is by sigwinch · · Score: 3
    Anything that increases the cost has to increase sales.
    Logitech could have put in good encryption, and talked up the weakness of their competitors. One press release per week about how your competitors are betraying the public can drum up a lot of business.
    You won't be able to shoehorn much encryption into the tiny CPU that decides keystrokes and drives a little RF and emulates the original keyboard controller.
    Wrong. Lots of work has been done to stuff good encryption in tiny CPUs. Think smart cards. In particular, ciphers that use multiple LFSRs require minuscule amounts of silicon.
    Plus it is hard to imagine anything simple that works out of the box...
    Yeah, running a wire between them for a moment when it's first installed is *so* hard...
    I mean look at the problems 802.11's WEP has, and it is on a $100 and up device!
    WEP was designed by a microcephalic crack-smoking monkey. Price had nothing to do with it. It is poor entirely because its designers had essentially no understanding of cryptosystem design, and they didn't bother to have it reviewed by experts.
    --
    Kuro5hin.org: where the good times never end. ;-)

  12. Re:Duh! by burris · · Score: 3
    Finally, there is a mathematical procedure that is claimed to work out a secure key by a _long_ process of exchanged messages and intensive calculation.
    I suggest you get a book on cryptography, such as _Applied_Cryptography_ by Bruce Schneier. There are many key negotiation protocols, but the most famous is "Diffie-Hellman Key Exchange" which is also the first public key algorithm invented. It is actually quite simple and only takes one round trip of messages (Ian Goldberg came up with a protocol for doing DH key exchange over e-mail.) You start with a Generator, G, and a public key, n. Neither of these are secret. Alice and bob each generate a large nonce, x and y respectively, and do the following:

    alice sends to bob X = G ^ x mod n
    bob sends to alice Y = G ^ y mod n
    shared secret is G ^ xy mod n which alice gets by computing Y ^ x mod n and bob gets by computing X ^ y mod n

    alice and bob can each generate the secret key because they know either x or y. eve, an eavesdropper, cannot generate the secret key because without either x or y, computing the secret key from X and Y alone requires calculating a discrete logarithm, which is a Hard Problem. This is not intensive calculation by today's standards since my Java ring is powerful enough to do modular exponentiation in a reasonable amount of time, and it is several years old. You are absolutely correct that adding two way communication to a wireless keyboard/mouse would be much more expensive, however.

    burris
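
Added example, not part of the comment above or of any Logitech product: the exchange comment 12 describes, written out in Python so both sides and the over-the-air view can be inspected. The 127-bit modulus, the base 3, the 11-bit toy group and all function names are assumptions made for this illustration; the range check on the peer's value and the exhaustive search over the toy group go beyond what the comment describes.

```python
import hashlib
import secrets

# Constructed demo parameters (assumptions, not from the thread): a 127-bit
# Mersenne prime as the public modulus n and 3 as the public base G. This is
# far too small for real use; deployed systems use standardized groups of
# 2048 bits or more.
N = 2**127 - 1
G = 3


def keypair(n=N, g=G):
    """Pick a private nonce and compute the public value g^nonce mod n."""
    while True:
        private = secrets.randbelow(n - 3) + 2          # 2 .. n-2
        public = pow(g, private, n)
        if 2 <= public <= n - 2:                        # never send 1 or n-1
            return private, public


def check_public(value, n=N):
    """Reject degenerate peer values that would force a predictable secret."""
    if not 2 <= value <= n - 2:
        raise ValueError("peer public value out of range")
    return value


def session_key(own_private, peer_public, n=N):
    """Compute peer_public^own_private mod n and hash it into a 256-bit key."""
    shared = pow(check_public(peer_public, n), own_private, n)
    width = (n.bit_length() + 7) // 8
    return hashlib.sha256(shared.to_bytes(width, "big")).digest()


def exchange():
    """One round trip: returns both derived keys and what crossed the air."""
    x, X = keypair()            # "alice", e.g. the keyboard
    y, Y = keypair()            # "bob", e.g. the receiver
    on_air = (X, Y)             # everything a passive listener observes
    return session_key(x, Y), session_key(y, X), on_air


def brute_force_log(public, n, g):
    """Exhaustive discrete log; finishes only because the caller's n is tiny."""
    acc = 1
    for exponent in range(n):
        if acc == public:
            return exponent
        acc = acc * g % n
    return None


if __name__ == "__main__":
    k_alice, k_bob, on_air = exchange()
    print("keys match:", k_alice == k_bob)
    # With an 11-bit modulus the private nonce falls out of a short loop,
    # which is why the size of n carries the whole security argument.
    tiny_n, tiny_g = 2039, 7
    _, pub = keypair(tiny_n, tiny_g)
    found = brute_force_log(pub, tiny_n, tiny_g)
    print("toy nonce recovered:", pow(tiny_g, found, tiny_n) == pub)
```

The exchange is unauthenticated, so it addresses passive listening only; the man-in-the-middle concern raised in comment 3 still needs a pairing step such as the wired or factory keying other comments propose.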

  13. Poppycock by burris · · Score: 5
    No, actually, Van Eck sniffing is NOT "easy." It takes thousands of dollars' worth of exotic equipment, and is nowhere near as foolproof as the media suggests.
    I must say that this is not at all true. I've seen a demonstration of the recovery of the video signal from a Commodore PET from a few feet away using nothing more than an old portable B&W TV set (the ones that are about the size of a shoebox) and a simple amplifier inserted between the TV and the antenna. This was at HoHoCon '92. Sure, a PET is quite noisy, the distance was short, and the refresh rates weren't matched, but you could read the computer screen on the TV so it was a powerful demonstration nonetheless. Better equipment and analysis software does improve the effective range of recovery and allows recovery of signals that are more complex than video, but it goes to show that basic techniques are actually quite simple.
    (And how many servers display passwords on the screen when you log onto them?)
    At the aforementioned demonstration the presenter, Jim Carter, made it quite clear that it was possible to recover emissions from much more than the video circuitry. Disk controllers, network interfaces, keyboards; pretty much any circuit at all will generate emissions that can be recovered. Bootleg also stressed that information can be recovered from more than just the air. Information goes out through your electrical circuits too, this is why extremely secure facilities generate their own power and do not connect to the grid. Amazingly enough, the pipes in building sprinkler systems act as antennas and information can be recovered from the plumbing exiting the building. Information can even be recovered from the ground!

    Burris

  14. Hardware required for sniffing by librarygeek · · Score: 3

    I must first admit that I am unaware of the design of these keyboards but I assume there are only a few channels they operate on. All you would really need to "sniff" these devices would be another receiver device of the same type set to the same channel. Once you have the channel figured out the second device, attached to a second PC, should display what was being typed on the original? This is the way the old RF keyboards sold with the Gateway 2000 Destination series of computers worked. We purchased a few of these where I work and I used to love to annoy people by setting a second mouse to the same channel they used, then in the middle of a presentation start moving their mouse around on them.

  15. DUH by stilwebm · · Score: 5

    If you are security conscious and bought a wireless keyboard, you deserve to have your head examined. If it didn't say "Strong Encryption" or mention some other form of security on the box, you didn't honestly think it was secure did you? Even IR keyboards can be "sniffed", although not nearly as easily.

  16. Complete list of Logitech frequencies by rjbrown99 · · Score: 3

    Here is the list of frequencies for each model of keyboard. This is direct from Logitech's web site:

    http://www.logitech.com/cf/support/1029.cfm

    It's nice when they make it easy for you.

  17. That is a dangerous attitude by Srin+Tuar · · Score: 3

    The credit card system is in shambles. If it was designed properly we wouldn't have to subsidize billions of dollars of theft via higher prices at the store.

    This country is becoming increasingly dependent upon computers, and as it does so you will become even more vulnerable to electronic fraud and surveillance.

    It may have been easy for you to show that you obviously didn't make those charges on your credit card bill, but do you want to have to explain that you didn't request that $20,000 online "cash" advance next time, that was promptly "lost" at some ecasino?

    Basic common sense security is something you should consider. One day, your attitude may come back and bite you.

  18. WARNING! by FortKnox · · Score: 3

    Warning! If you work with secure data on a computer, and there is a wire spliced onto your keyboard wire in an unusual way and the wire goes into a hidden corridor, out the window, or far from sight, someone might be sniffing your data!!

    (also see sig s/Privacy/Security/g)...

    --
    Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
  19. Re:Cordless Logitech trackballs by andyh1978 · · Score: 5
    Actually, they are used for presentations frequently (so you don't have to stay at the podium).
    Oh, the embarrassing possibilities...

    A couple of people in the audience with a cordless keyboard and/or mouse on the same channel... a couple of clicks... a few choice webpages projected on the screen...

    I don't think you'd be staying at the podium for long. :-)
  20. Sniffing keyboards by Rorschach1 · · Score: 3

    Actually, it's not terribly difficult to get data from a wired keyboard at a reasonable range. They run at a low data rate and leak a fair amount of RF. You can demonstrate this by holding an inductive probe near one and pressing different keys - they all make different tones.

  21. The Adage... by Anal+Surprise · · Score: 5

    It's not "unplugged from the Internet", it's "unplugged". As in unpowered.

  22. Re:Wouldn't bother me by Mtgman · · Score: 4

    A few years ago my brother, another geek, emailed me a challenge to see which of us was laziest. He said he would put off all his work till the last minute and not clean up his house or run and play with the kids for a full week.

    One of these days I'll get around to replying to his email.

    Steven

    --
    -- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
  23. Cordless Logitech trackballs by Rosco+P.+Coltrane · · Score: 4
    I bought a Logitech Cordless TrackMan FX the other day : this thing is a *cordless* trackball ! I understand the need for a cordless mouse, to avoid dragging a cord around, but a cordless trackball ?? that's about as useful as a cordless telephone pole ...

    --
    "A door is what a dog is perpetually on the wrong side of" - Ogden Nash
  24. Re:Just shows how important key management is by skoda · · Score: 3

    giving the PC side a transmitter - added cost
    and the keyboard side a receiver. - added cost
    the keyboard could have had a light sensor - added cost; requires keyboard to have line of sight to monitor and obviates much of wireless advantage.
    docking/charging stand - added cost; requires regular connections to computer

    Yes, Logitech could have done these things, resulting in a product that cost twice as much and half as convenient as what they currently sell. And someone would have found a way to snoop on them eventually anyway.

    If you're at risk of having your keyboard sniffed, then you've got bigger concerns to begin with.

    -----
    D. Fischer

  25. Mouse Data Is Useful. by Cardhore · · Score: 4
    Mouse data is useful.

    Your double-click speed, combined with mouse acceleration, velocity, and number of buttons is practically a DNA fingerprint of your computer!

  26. Re:DUH by WinterSolstice · · Score: 5

    I'd never use one of those. I even switched to an HMD to avoid my screen being visible from the next room. I also put my computer into a room 6 meters underground, then sealed the entrance. I bought temperature/moisture/pressure sensors for the floor tiles, removed the air ducts (so there, Mission Impossible!), re-install NetBSD nightly to avoid any files being saved, and put EMF filters on my mouse and keyboard cables. I have my own air generator, and a lifetime supply of Spaghetti-O's.

    Of course, in the real world, most of us understand that little things like 'keyboard snooping' and 'phone tapping' are seriously un-important. I'm much more concerned about the real threats like Unlawful Search and Seizure than I am about someone knowing my password for /. or MP3.Com. Who the h377 cares?

    Do you actually think it matters if someone uses your credit card fraudulently? Nope. Happened to me already, before everything was 'e' something. I had someone run my card to the limit, and the company just charged me my insurance co-pay. Bango, no problem.

    Life is just one big exercise in risk-management. Learn what things matter, and what things don't. Protect yourself where it matters. Don't bother to wear a flak jacket to the can.

    -WS

    --
    An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
  27. Somebody PLEASE spy on me!!! by ryanvm · · Score: 4
    I must be a friggin' loser. All you guys are sitting around contemplating the ramifications of this demonstration. Meanwhile, I could only dream that someone would go through this amount of trouble to see what I type.

    I can't believe there are so many important people hanging out at Slashdot. ;-)

  28. In other news... by NerdSlayer · · Score: 5

    It turns out CRT monitors can be photographed from yards away! Get rid of them now!

  29. Duh! by markmoss · · Score: 5

    When cordless phones first became common, many people were surprised to discover that their neighbors were listening in. DUH!!!

    When cellular phones came within ordinary people's price range, many were surprised to learn that everyone could listen in. DUH!!!

    Anything you put on the radio is insecure unless it is heavily encrypted with good control of the keys. Why is that hard to understand?

    The wireless keyboard and mouse could be encrypted. In fact from the article it appears that they might be encrypted; there is some sort of negotiation going on at startup, but I don't know whether that is to pick a key or simply to pick a channel. But even if the encryption is good, this live on-the-air key negotiation is a weak point. For instance, you could buy the same model of keyboard and take control after the guy turned on his computer and while he was walking over to the keyboard. Of course, you'd be entering commands blind, but there's always "del *.* (enter) y". Or since there seems to be a short list of built-in keys, you could experiment with a keyboard to find out what they all were, read the key selected from the start-up transmissions, then read out the login and password.

    If you want a really secure wireless connection, then you need strong encryption with a unique key that no one else knows. Either you ship keyboard and receiver from the factory as a set (and trust the factory to erase the pre-programmed keys from their records as soon as they are used), or you have a way to temporarily bring the two devices together and connect them by a nearly untappable wire while they figure out a key.

    Finally, there is a mathematical procedure that is claimed to work out a secure key by a _long_ process of exchanged messages and intensive calculation. Don't ask me to explain it. It would require enabling two-way communications, which doubles the cost of the radio circuits, and I suspect it would increase the CPU power required dramatically.

    By the way, you don't need much CPU power for good secret-key encryption, you just have to design right. I know of boards that do reasonably secure encryption and only have eight bit CPU's barely more powerful than the one in the original IBM PC keyboard. They have a special (and not too expensive) chip that implements DES, and since the original DES definition used a key that is short enough for brute force attacks nowadays, they run the message through several times with different parts of a long key. It's supposed to be safe enough to carry debit card PIN numbers under the tough European regulations. But we've got to go to nearly absurd lengths to keep that programmed-in key safe: the board is wrapped in a piece of folded paper printed with wiring patterns, then it's all potted (cast) into a block of epoxy mixed with silica grit (sand). If you take the case off, a little switch detects this and the board erases its memory in microseconds. If you somehow get past the switch and drill or cut through the epoxy, besides being darned hard on the drill bit, when you hit that paper wrapper you cut wires and the board erases. If you freeze it to weaken the epoxy and slow down the erase process, the board has a thermistor to detect falling temperatures, and erases. If you try to burn off the epoxy, that paper will go first -- and in some models, there is also a thermistor to detect rising temperatures.

  30. Spread spectrum? by MSBob · · Score: 3

    I thought it would be natural to use spread spectrum for this kind of device. Data rates are really low so the chip code could be extremely long. That would be quite secure for most purposes... No?

    --
    Your pizza just the way you ought to have it.
  31. Conduits by OG+Loki · · Score: 3

    If you could somehow construct a conduit that the signal could use to travel from the mouse or keyboard to the box, perhaps a metal line with some sort of insulation to prevent signal bleed, and electric shocks. Of course these conduits would need to be long enough so that your mouse or keyboard could be operated at a comfortable distance from the machine...

  32. Just shows how important key management is by Spamalamadingdong · · Score: 3
    It's amazing how many ways this could have been done right, and it is still wrong. For instance, the system could use a Diffie-Hellman key exchange by giving the PC side a transmitter and the keyboard side a receiver. Or the keyboard could have had a light sensor and use flashing patterns on the screen as the data back-channel (you only need it during sync). Or, if the keyboard used rechargeable batteries, the key-exchange could be done by hardwired connection while it was on its docking/charging stand.

    But no, Logitech had to do something that "works" but gives people zero privacy and no security. I hope this product gets hacked to hell, publicized to the ends of the universe and all products with crappy security get such a black eye in the press and a drubbing in the market that nobody even thinks about trying to sell something like that ever again.

  33. sniffing by redcup · · Score: 5

    My boss has a wireless keyboard and he caught me sniffing it this morning. It definitely wasn't worth it - it just smelled like coffee.

    I know this is coming up in my performance eval...

    RC

  34. tip of the iceberg by alexandremathy · · Score: 3

    You'd be surprised how much wiretapping can occur with computer peripherals. A guy in the research labs in my uni can reconstitute the image from a monitor's radiation at a range of about 20 meters. He says the loss of quality is minimal. Most consumer grade products aren't shielded nearly enough, because, obviously, that would drive the price up for a benefit most people wouldn't even be aware of.

  35. Why is this a surprise to you? by No+Tears+In+The+End · · Score: 3

    Think about this for a minute. Wireless keyboard and mouse. How do you think that the data gets to the computer, magic?

    IR seems to be too unreliable, being that line of sight was necessary and a dusty or smoky room would cause unreliable transmission of information.

    What's left? RF. The properties of RF that make it so desirable are the same ones that make it sniffable.

    Leaving a note on your monitor with your login and password will ensure that you never forget, but it also eliminates the point of having password security.

    --

    -You can cry, but you'll still die. There'll be no tears in the end.