Security - Logitech Wireless Mice & Keyboards Can Be Sniffed
Brock Tellier writes "The old adage 'The only safe computer is locked in a room and unplugged from the Internet' proves false. According to a recent security report about Logitech wireless mice and keyboards, an attacker can sit a hundred feet or more from your computer and 'sniff' the data from your keyboard and mouse. Scary." Scary indeed! Having just purchased one of these, and finding them immensely convenient, such news is disheartening. Are there easy ways in which Logitech might be able to harden any new models against this? How difficult are these things to sniff, and what kind of hardware would one need to do so? Obvious security tip: if you have these keyboards attached to machines that may access secure data, consider moving them back to the wired standbys until a more secure wireless option presents itself.
But no, Honda had to make something that "works" but gives people no security.
Cordless telephone poles, don't you mean cell towers?
The CIA can already sniff your keyboard and mouse movements, wireless or not. It's called Tempest. It was mentioned briefly in Rainbow 6; Jack Ryan has a computer which he refers to as "Tempested" which I took to mean resistant to Tempest sniffing. The CIA did a short demonstration with a computer bigwig (I forget who) where they showed this technology off a year or so -- they were able to sniff a login/pw from a family computer from about a block away.
Laz
No, actually, Van Eck sniffing is NOT "easy." It takes thousands of dollars' worth of exotic equipment, and is nowhere near as foolproof as the media suggests. (And how many servers display passwords on the screen when you log onto them?)
Wireless keyboard sniffing is MUCH cheaper and MUCH more damaging than TEMPEST vulnerabilities could ever be.
Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
Burris
If you are security conscious and bought a wireless keyboard, you deserve to have your head examined. If it didn't say "Strong Encryption" or mention some other form of security on the box, you didn't honestly think it was secure, did you? Even IR keyboards can be "sniffed", although not nearly as easily.
A couple of people in the audience with a cordless keyboard and/or mouse on the same channel... a couple of clicks... a few choice webpages projected on the screen...
I don't think you'd be staying at the podium for long.
It's not "unplugged from the Internet", it's "unplugged". As in unpowered.
A few years ago my brother, another geek, emailed me a challenge to see which of us was laziest. He said he would put off all his work till the last minute and not clean up his house or run and play with the kids for a full week.
One of these days I'll get around to replying to his email.
Steven
-- I have marked myself unwilling to moderate-- I don't have other accounts to artificially inflate the karma of
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Your double-click speed, combined with mouse acceleration, velocity, and number of buttons is practically a DNA fingerprint of your computer!
Got friends?
I'd never use one of those. I even switched to an HMD to avoid my screen being visible from the next room. I also put my computer into a room 6 meters underground, then sealed the entrance. I bought temperature/moisture/pressure sensors for the floor tiles, removed the air ducts (so there, Mission Impossible!), re-install NetBSD nightly to avoid any files being saved, and put EMF filters on my mouse and keyboard cables. I have my own air generator, and a lifetime supply of Spaghetti-O's.
Of course, in the real world, most of us understand that little things like 'keyboard snooping' and 'phone tapping' are seriously un-important. I'm much more concerned about the real threats like Unlawful Search and Seizure than I am about someone knowing my password for /. or MP3.Com. Who the h377 cares?
Do you actually think it matters if someone uses your credit card fraudulently? Nope. Happened to me already, before everything was 'e' something. I had someone run my card to the limit, and the company just charged me my insurance co-pay. Bango, no problem.
Life is just one big exercise in risk-management. Learn what things matter, and what things don't. Protect yourself where it matters. Don't bother to wear a flak jacket to the can.
-WS
An operating system should be like a light switch... simple, effective, easy to use, and designed for everyone.
I can't believe there are so many important people hanging out at Slashdot. ;-)
It turns out CRT monitors can be photographed from yards away! Get rid of them now!
When cordless phones first became common, many people were surprised to discover that their neighbors were listening in. DUH!!!
When cellular phones came within ordinary people's price range, many were surprised to learn that everyone could listen in. DUH!!!
Anything you put on the radio is insecure unless it is heavily encrypted with good control of the keys. Why is that hard to understand?
The wireless keyboard and mouse could be encrypted. In fact from the article it appears that they might be encrypted; there is some sort of negotiation going on at startup, but I don't know whether that is to pick a key or simply to pick a channel. But even if the encryption is good, this live on-the-air key negotiation is a weak point. For instance, you could buy the same model of keyboard and take control after the guy turned on his computer and while he was walking over to the keyboard. Of course, you'd be entering commands blind, but there's always "del *.* (enter) y". Or since there seems to be a short list of built-in keys, you could experiment with a keyboard to find out what they all were, read the key selected from the start-up transmissions, then read out the login and password.
If you want a really secure wireless connection, then you need strong encryption with a unique key that no one else knows. Either you ship keyboard and receiver from the factory as a set (and trust the factory to erase the pre-programmed keys from their records as soon as they are used), or you have a way to temporarily bring the two devices together and connect them by a nearly untappable wire while they figure out a key.
Finally, there is a mathematical procedure that is claimed to work out a secure key by a _long_ process of exchanged messages and intensive calculation. Don't ask me to explain it. It would require enabling two-way communications, which doubles the cost of the radio circuits, and I suspect it would increase the CPU power required dramatically.
By the way, you don't need much CPU power for good secret-key encryption, you just have to design right. I know of boards that do reasonably secure encryption and only have eight-bit CPUs barely more powerful than the one in the original IBM PC keyboard. They have a special (and not too expensive) chip that implements DES, and since the original DES definition used a key that is short enough for brute force attacks nowadays, they run the message through several times with different parts of a long key. It's supposed to be safe enough to carry debit card PIN numbers under the tough European regulations. But we've got to go to nearly absurd lengths to keep that programmed-in key safe: the board is wrapped in a piece of folded paper printed with wiring patterns, then it's all potted (cast) into a block of epoxy mixed with silica grit (sand). If you take the case off, a little switch detects this and the board erases its memory in microseconds. If you somehow get past the switch and drill or cut through the epoxy, besides being darned hard on the drill bit, when you hit that paper wrapper you cut wires and the board erases. If you freeze it to weaken the epoxy and slow down the erase process, the board has a thermistor to detect falling temperatures, and erases. If you try to burn off the epoxy, that paper will go first -- and in some models, there is also a thermistor to detect rising temperatures.
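The contrast drawn in the comment above, between a key picked from a short built-in list during on-the-air start-up and a unique key loaded over a wire, as an added example that is not part of the original comment and does not model any real product's protocol. The 16-entry key table, the frame layout and the HMAC-SHA256 keystream used in place of a real cipher are all constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for a key table burned into every unit of one model.
BUILT_IN_KEYS = [hashlib.sha256(b"model-key-%d" % i).digest() for i in range(16)]

def _pad(key, counter):
    return hmac.new(key, b"ks" + counter.to_bytes(8, "big"), hashlib.sha256).digest()

def seal(key, counter, text):
    """Encrypt up to 32 bytes and append an 8-byte tag (stand-in cipher)."""
    ct = bytes(a ^ b for a, b in zip(text, _pad(key, counter)))
    mac = hmac.new(key, b"tag" + counter.to_bytes(8, "big") + ct, hashlib.sha256)
    return counter, ct, mac.digest()[:8]

def open_frame(key, frame):
    """Return the plaintext, or None if the tag does not verify under key."""
    counter, ct, tag = frame
    mac = hmac.new(key, b"tag" + counter.to_bytes(8, "big") + ct, hashlib.sha256)
    if not hmac.compare_digest(mac.digest()[:8], tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _pad(key, counter)))

def weak_session(text):
    """Key picked from the shared table; its index goes out in the clear."""
    index = secrets.randbelow(len(BUILT_IN_KEYS))
    return {"announce": index, "frames": [seal(BUILT_IN_KEYS[index], 0, text)]}

def paired_session(text):
    """Unique key loaded over a wire at pairing; nothing about it is on the air."""
    unique_key = secrets.token_bytes(32)
    return {"announce": None, "frames": [seal(unique_key, 0, text)]}

def eavesdrop(capture):
    """What a listener owning the same model can read from an air capture."""
    index = capture["announce"]
    candidates = BUILT_IN_KEYS if index is None else [BUILT_IN_KEYS[index]]
    for key in candidates:
        plain = [open_frame(key, f) for f in capture["frames"]]
        if all(p is not None for p in plain):
            return b"".join(plain)
    return None

if __name__ == "__main__":
    typed = b"login: root"  # constructed sample keystrokes
    print("table key, index on air:", eavesdrop(weak_session(typed)))
    print("unique key, set by wire:", eavesdrop(paired_session(typed)))
```

The cipher strength is identical in both sessions; only where the key comes from differs, which is why the shared-table session is readable and the wired-pairing session is not.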
My boss has a wireless keyboard and he caught me sniffing it this morning. It definitely wasn't worth it - it just smelled like coffee.
I know this is coming up in my performance eval...
RC