Slashdot Mirror
Beware the Haunted Cordless keyboard
dr. greenthumb writes "The norwegian newspaper Aftenposten reports about an incident where a computer suddenly seemed to develop a life of its own. A game which the user could not remember using that day suddenly appeared on the screen. When he went over to shut it off the screen displayed a message asking him if he "really wanted to delete this file?"
His computer was receiving keystrokes from another computer (with the same type of wireless keyboard) 150 metres away!
Check out the full story and a follow-up, where experts warns against using wireless keyboards." /me plans to destroy Hemos' sanity...
Bluetooth is a close-range wireless protocol (about 10mts), and products are "bound" to each other, if you re using a wireless headset and walk close to some one using one they wont mix signals.
I would be much more worried to someone "stealing" my emails/contacts from my bluetooth pda, using my cellphone to dial out, and eavesdropping on my conversations, than messing up presentations
Today's mice are well known to spiral the cursor in a circular motion around your screen at a high rate of speed, clicking the screen randomly when their internal circuitry begins to fry.
... once at a colleague's desk, and another time during an application demo.
I've witnessed it twice
It's great fun to explain that the problem is the mouse and not your app to a room full of speculative non-technical people.
In theory, yes. How many combinations of frequency and code are there? My uncle used to work in a Ford factory, and every car that rolled off the assembly line together used the same key. It's possible that they keyboards have a similar problem.
I can't say that I don't give a fuck. I've just run out of fuck to give.
Wireless mice arent much of a security hazard. if anyone is able to listen in on your wireless mouse, all they are going to get is cursor cordinates. unless you somehow enter your password using your mouse, theres not much usefull info to gain from a wireless mouse. It will also be very hard for someone else to do something to your pc though a cordless mouse, unless they can also see the screen. I cant stand corded mice anymore after owning a wireless mouse. Whenever i use corded mice in labs at school, or friends houses, i always find myself tugging on cords that get tangled up with something on or behind the desk or keyboard drawer. I however will never own a wireless keyboard. I had thought of security issues such as this long before this article appeared.
Seriously, though. I've been using Logitech cordless desktops for years - I've had four in my apartment in close proximity with no problem, and used several at work as well. If a mouse or keyboard syncs with a base unit, it syncs to *that* unit. You can sync multiple devices to a base unit, but I have never seen a device sync to multiple base units. A nice little thing about Logitech's system is that they are all compatable - I like the simple diamond mouse and a keyboard without extra multimedia buttons, and detest the ergonomic "crashing wave" mouse. I can pick and choose my keyboard and mouse, walk over to a computer, hit the sync button and start using it at that terminal. The only problem I've ever had was when the living room computer was next to the multimedia computer and you sometimes synced to the wrong one... so you'd check before typing willy-nilly. :)
Wireless keyboards and mouses are great - I swear by them. I change batteries maybe once every 4 to 6 months, and don't ever have to worry about cables. At home I type in my lap, and can have my phone right against the top of my mousepad, my monitor to the left, and a glass of tea to the right and not worry about the cord catching the phone cord or knocking over the tea.
Now, I *would* like an encrypted signal, sure... but gimmie a break... who the hell cares to capture a few hours of my posting to Slashdot and writing rough drafts of lyrics? Certainly not *my* neighbors. Still, I ssh to my servers, and it would be really nice to have a secure connection to my keyboard. If I was really paranoid, I'd stick my monitors in a Faraday cage to prevent the video signal from being broadcast... everybody is sending *that* out (where everybody = really close to 100% of all computers).
--
Evan
"$30 for the One True Ring. $10 each additional ring!" -- JRR "Bob" Tolkien
When I had pcAnywhere installed on my old machine it was pretty simple to fire it up on the old @home network and suddenly finding myself on a password-less PC. I also ran notepad but wrote, "Put a damn password on your pcAnywhere!"
That's the nice thing about the open VNC apps, you can't run them without some password and if you try to brute force it (at least in tightVNC) it locks you out for x amount of time. Not to mention its free. Yes, I know there's no built in encryption, but that's besides the point.
I live in a dorm situation, so it is very possible kids who are nearbye will interfere/send keystrokes/recieve keystrokes from my computer. However, Logitech promises Cordless freedom through multi-channel digital radio technology with secure encryption.
Loitech assures us that the kind of stuff mentioned in the article cannot happen:
But I can't find any more details about this technology. So some logitech keyboard have encryption, some don't. I wonder how easy it is to add encryption to these thigns without latency. I don't want to press "a" and wait 2 seconds while the signal decrpyts for the a to appear on my screen. I wonder how simple or complex the encryption is on my cordless access keyboard. Is it a simple XOR like the AIM passwords or is it real encryption? I don't know. But frankly, I am not worried.Bottom Line: zero encryption with 12-but ID codes is good enough for me. If someone really wanted to get at my credit card numbers, they would probobly come into my unlocked room and find my wallet with my credit card in it instead of building a device to pick up the radio signals from my keyboard. Logitech claims a .25% chance of interference, and as long as my keyboard work, that is also good enough for me.
Of course, almost any car can be unlocked by a slim jim anyway, so it's not worth worrying about. If you want your car to not be stolen, you need either to disable it (What I do.), or put a lowjack in it.
It's usually not that hard to kept your car from running. If someone tries to steal my car, they'll find the ignition can be hotwired like normal, but for some odd reason it won't shift out of park...and no, I won't tell you why that is.
If corporations are people, aren't stockholders guilty of slavery?
Now, I really have no clue whether this is just for show of if it actually does something. Does anyone know?
How about a wide-spectrum IR-type keyboard. You'd have to align the transmitter and receiver, but at least the signal wouldn't be escaping the confines of your house/apartment/etc.
Also, how about security wireless mice? There's no password-sniffing risk, but I guess somebody could move the cursor around on your PC and delete files etc... not quite as bad as keybpard access though.
Can anyone give any info on available IR mice/keyboards? Most checks in search engines seem to just links about mice using IR for movement detection, not transmission
When I was young I was given a pair of toy walkie talkies. Of course, I was able to pick up the neighbour's cordless phone coversation while being 100 metres away from their house.
Needless to say, I don't trust cordless devices - they just aren't secure enough. Even if you encrypt the signals, they're still broadcasts in-effect - someone can record the information and break the encryption a decade later.