Slashdot Mirror

← Back to Stories (view on slashdot.org)

Wireless Keylogger Masquerades as USB Phone Charger

Posted by Soulskill on from the in-case-you-were-running-out-of-attack-vectors-to-worry-about dept.

msm1267 writes: Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards. The device is known as KeySweeper, and Kamkar has released the source code and instructions for building one of your own. The components are inexpensive and easily available, and include an Arduino microcontroller, the charger itself, and a handful of other bits. When it's plugged into a wall socket, the KeySweeper will connect to a nearby Microsoft wireless keyboard and passively sniff, decrypt and record all of the keystrokes and send them back to the operator over the Web.

3 of 150 comments (clear)

  1. Re:And this is good why? by fightinfilipino · · Score: 5, Funny

    What if you want to sniff your own keyboard?

    when i do this i just end up snorting cookie and chip crumbs.

  2. Come on, MS Keyboards are secure. by 140Mandak262Jamuna · · Score: 5, Funny
    I am sure the Microsoft keyboards are well engineered and will not allow a random listener within earshot to snoop in on communications. Microsoft has a well earned reputation for placing security above everything else. It would not compromise the security for some trivial thing like ease-of-use for dimwitted user. The keyboard will be using encrypted communication between the wireless keyboard and the host PC. In almost all the conference rooms in our office we routinely use wireless keyboard to log in to the conf-room PC, then remote desktop to login to our workstations to make presentations. We would not do it, if someone is using a compromised USB charger in the conference room.

    I have very good experience walking past grave yards whistling.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  3. Re:Dewhat? by KingMotley · · Score: 4, Funny

    When I was in the USAF I had great fun telling users that they could have a wireless keyboard & mouse just as soon as they found FIPS 140-2 compliant ones. I then told them that not only do none exist to our knowledge, but none are planned. The main problem being once you put serious encryption in there(as 140-2 requires), you're looking at a keyboard/mouse that are closer to smartphones than keyboards. IE a AA won't last a few months, you'll need to charge it like you do your smartphone. AES encryption also isn't intended for 8-16 bits at a time, so it's not really efficient there.

    That's easy to solve. Since the keyboard and mouse are very likely near a PC, just run a charging cable to one of it's USB ports and never disconnect it. Then you can get rid of the battery completely. Problem solved. Then you've got a nice battery-less, always charged wireless keyboard and mouse. Tada!