Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wireless Keyboard "Encryption" Cracked

Posted by kdawson on from the hardly-needs-a-brute dept.

squidinkcalligraphy writes "While everyone is going on about wireless network security, it seems few have considered that increasingly common wireless keyboards can be vulnerable to eavesdropping. Particularly when the encryption is pitifully weak. All that's needed is a simple radio receiver, sound card, and a brute-force attack on the 8-bit encryption used. Passwords galore! Bluetooth, it seems, is safe for the moment."

7 of 232 comments (clear)

  1. Re:Under my desk by lhaeh · · Score: 5, Informative

    That idea came up when this item was posted to Hack A Day The reason for the limited reception range is that receivers use pathetically small, internal antennas: Mine was about 1/32 wavelength. With a full wave antenna or directional antenna, you can easily pick them up from outside a building. After I added a lager (1/4 or 1/8 wave) antenna to my receiver, I could type with my keyboard outside the house.

  2. Re:urm by sqrt(2) · · Score: 5, Informative

    My wireless logitech keyboard works from the next room over, although a bit unreliably. It's the basic, white, model with no fancy function keys or anything. I don't think they make it anymore.

    So you might need to worry about it in say, an office or school environment.

    --
    If you build it, nerds will come. Soylentnews.org
  3. Re:Shocked by goofy183 · · Score: 4, Informative

    That is just the pairing code. So if you switched your device into pairing mode anyone could pair with it. The encryption is based on a different, randomly generated, key: http://en.wikipedia.org/wiki/Bluetooth#Security

  4. Re:Why a soundcard ! by thetartanavenger · · Score: 5, Informative

    A sound card is a cheap alternative to a digital and more importantly, recordable oscilloscope. By plugging the radio into the sound card, it allowed them to record the individual bit's being sent by the device to be analysed using a waveform viewer. If you were using a normal oscilloscope for that purpose the data flashes on the screen so fast it's impossible to be useful in any way, except possibly to read the carrier frequency of the signal, which is something your sound card would probably have alot of trouble doing because they're generally too slow.

    --
    Who need's speling and grammar?
  5. Bluetooth safe? by SharpFang · · Score: 4, Informative

    Yeah, right.

    Bluebag Project can crack any bluetooth device in some 6 hours. The current form of it has a potential to increase the speed 8 times (currently it uses 8 dongles to scan possible 64 channels in paralell. If you use 64 bluetooth dongles to scan one channel each, you gain a lot of speed).

    --
    45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
  6. Re:urm by Ephemeriis · · Score: 3, Informative

    wouldn't the hacker have to be you know, under your nose quite literally, to intercept the signals from your keyboard?
    TFA says they were able to snoop from up to 10 meters away with a "simple radio receiver". That's not too bad. 10 meters could easily put you in a different room, on a different floor, or outside. And that's just with a basic antenna... Put together something more directional and I'm sure you could get more distance. Definitely enough to snoop on someone from the office/apartment next to you.
    --
    "Work is the curse of the drinking classes." -Oscar Wilde
  7. Re:Shocked by gabebear · · Score: 4, Informative

    According to Wikipedia, the best current attack against 128bit keyed BlueTooth takes the first 24bits of 2^23.8 packets. Packets are 2745 bits long so the attacker would have to monitor over 4.66GB of data transfer from your keyboard.