Slashdot Mirror


Wireless Keylogger Masquerades as USB Phone Charger

msm1267 writes: Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards. The device is known as KeySweeper, and Kamkar has released the source code and instructions for building one of your own. The components are inexpensive and easily available, and include an Arduino microcontroller, the charger itself, and a handful of other bits. When it's plugged into a wall socket, the KeySweeper will connect to a nearby Microsoft wireless keyboard and passively sniff, decrypt and record all of the keystrokes and send them back to the operator over the Web.

18 of 150 comments

  1. And this is good why? by Iniamyen · · Score: 3, Insightful

    I am not a security expert, but what non-nefarious purpose does this product serve?

    1. Re:And this is good why? by fightinfilipino · · Score: 5, Funny

      What if you want to sniff your own keyboard?

      When I do this I just end up snorting cookie and chip crumbs.

    2. Re:And this is good why? by slacktide · · Score: 5, Insightful

      Its purpose is clearly to force wireless device manufacturers to use secure data transmission protocols.

    3. Re:And this is good why? by Anonymous Coward · · Score: 5, Insightful

      People could be secretly using this technology already, could have been for the past 10 years or more, to spy on you.

      By making it easy and publicizing it, this teaches you today about the risks you have already been facing, which is good because perhaps now you will take steps and do something about it.

    4. Re:And this is good why? by Anonymous Coward · · Score: 2, Informative

      It raises awareness to just how insecure wireless keyboards are, so that hopefully people will stop using them for anything important.

    5. Re:And this is good why? by Opportunist · · Score: 5, Insightful

      This is good because he told us instead of handing us a USB charger.

      "But if he wouldn't develop it, it would be better!"

      Nope. Because there is no such thing as security by apathy. Nobody has the monopoly on ideas, and this is hardly the first hack of this kind. Hiding microelectronics in inconspicuous everyday items is as old as, well, the Thing. Think the US would have been spied upon if they themselves knew such a device can be developed?

      And do you think you can be spied upon with such an item now?

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    6. Re:And this is good why? by Opportunist · · Score: 2

      Well, then I guess the lesson is to not use wireless keyboards.

      In the end, you have learned something. Information you have can never be harmful to yourself. At least not by itself.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    7. Re:And this is good why? by hankwang · · Score: 2

      "the claim that this can work against all Microsoft Wireless Keyboards is 100% BS, and has been since 2007, when the issue was first uncovered; covered in depth by Schneier, and remedied in all versions of the Microsoft Wireless Keyboard created since then, which use at minimum 128-bit AES; NOT XOR."

      The only meaningful hits on 'schneier microsoft wireless keyboard' are just a few broken links to a Dreamlab study: http://www.google.com/search?q...,

      Those were using a 27 MHz transmitter (near field, I suppose) and an association process that at least uses a different xor key each time. TFA claims that the newer 2.4 GHz keyboards always use the same xor key, 0xCD. TFA mentions at least two recent keyboard models that use this protocol. (Maybe I overlooked other ones.)

      It seems that there is only the MS "2000 AES for business" keyboard that is explicitly marketed as using AES. http://www.microsoft.com/hardw...

  2. One more reason to use a wired keyboard by Jeremi · · Score: 2, Insightful

    As if having to replace keyboard-batteries every 6 months wasn't reason enough. Is there really any benefit to having a keyboard be wireless, outside of a living room TV/PC scenario?

    --
    I don't care if it's 90,000 hectares. That lake was not my doing.

    1. Re:One more reason to use a wired keyboard by sinij · · Score: 2

      A device that broadcasts over a sufficiently large range a random flood of mouse clicks would be a very effective DoS tool in a corporate setting.

    2. Re:One more reason to use a wired keyboard by Nkwe · · Score: 3, Insightful

      "A device that broadcasts over a sufficiently large range a random flood of mouse clicks would be a very effective DoS tool in a corporate setting."

      Or a device that broadcasts a very specific non-random set of keystrokes. For example you could send the keystrokes to open up a command window followed by the keystrokes to download and execute malware. You could even send the keystrokes to type in the source code and compile the malware or a malware bootstrap process.

    3. Re:One more reason to use a wired keyboard by Blaskowicz · · Score: 2

      Time to get the "telephone cord" style of cord back on keyboards. It was invented so you can move the cord more easily.

  3. Dewhat? by TheCarp · · Score: 4, Interesting

    This is why I hate large swaths of consumer products.

    If the keyboard is encrypting keystrokes and sending them to the system....and a third party device sitting in the corner with no configuration involving dumping and loading keys....then the data is NOT encrypted.

    If you use the same static key, or one of a few easily derivable keys, I don't care how solid the encryption algorithm you use is.... I do not consider it encrypted, because the use case took "strong encryption" and turned it into "weak obfuscation".

    So unless there is some esoteric trick they are using to exploit the system and get their hands on a key that should otherwise be secure.... then it's a disservice to the public to even call it encryption, because unless that is the case and they were genuinely compromised from a use case that should have otherwise been secure.... then all they did was use a fancy obfuscator.

    --
    "I opened my eyes, and everything went dark again"
    1. Re:Dewhat? by Firethorn · · Score: 4, Interesting

      "So unless there is some esoteric trick they are using to exploit the system and get their hands on a key that should otherwise be secure.... then it's a disservice to the public to even call it encryption, because unless that is the case and they were genuinely compromised from a use case that should have otherwise been secure.... then all they did was use a fancy obfuscator."

      When I was in the USAF I had great fun telling users that they could have a wireless keyboard & mouse just as soon as they found FIPS 140-2 compliant ones. I then told them that not only do none exist to our knowledge, but none are planned. The main problem being once you put serious encryption in there (as 140-2 requires), you're looking at a keyboard/mouse that are closer to smartphones than keyboards. I.e., an AA won't last a few months, you'll need to charge it like you do your smartphone. AES encryption also isn't intended for 8-16 bits at a time, so it's not really efficient there.

      --
      I don't read AC A human right
    2. Re:Dewhat? by Opportunist · · Score: 4, Informative

      It's not even weak obfuscation. The "key" is the mac address of the device... which is sent along with every single packet.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    3. Re:Dewhat? by KingMotley · · Score: 4, Funny

      "When I was in the USAF I had great fun telling users that they could have a wireless keyboard & mouse just as soon as they found FIPS 140-2 compliant ones. I then told them that not only do none exist to our knowledge, but none are planned. The main problem being once you put serious encryption in there (as 140-2 requires), you're looking at a keyboard/mouse that are closer to smartphones than keyboards. I.e., an AA won't last a few months, you'll need to charge it like you do your smartphone. AES encryption also isn't intended for 8-16 bits at a time, so it's not really efficient there."

      That's easy to solve. Since the keyboard and mouse are very likely near a PC, just run a charging cable to one of its USB ports and never disconnect it. Then you can get rid of the battery completely. Problem solved. Then you've got a nice battery-less, always charged wireless keyboard and mouse. Tada!

    4. Re:Dewhat? by Dagger2 · · Score: 4, Informative

      And the "key" is xored with the plaintext to get the "encrypted" text, and the typed character is in a single byte. So you only actually need a single byte of the MAC address.

      And it happens to be the first byte, which for these Microsoft keyboards is always 0xCD. So you don't even need to bother figuring out what the MAC address is.
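
Added example (not part of any comment in this thread, and not KeySweeper's code): a Python model of the scheme Opportunist and Dagger2 describe above, where the keystroke byte is XORed with the first byte of an address that travels in the same frame. The frame layout, the address bytes after 0xCD, and every function name are assumptions made for illustration, and the sample frames are constructed.

```python
"""Constructed model of the scheme described in the thread; not the real frame format."""

HID_A, HID_Z = 0x04, 0x1D   # USB HID usage IDs for the keys a..z
ADDR_LEN = 5                # assumed address length for this model


def hid_from_text(text):
    """Map lowercase letters to USB HID usage IDs (a=0x04 ... z=0x1D)."""
    return [HID_A + ord(c) - ord("a") for c in text]


def text_from_hid(codes):
    """Inverse of hid_from_text, for letter keycodes only."""
    return "".join(chr(ord("a") + c - HID_A) for c in codes)


def make_frame(address, keycode):
    """Hypothetical frame: address in the clear, then keycode XOR address[0]."""
    return bytes(address) + bytes([keycode ^ address[0]])


def recover_with_header(frames):
    """The 'key' rides in every frame, so each frame decodes itself."""
    return [f[ADDR_LEN] ^ f[0] for f in frames]


def surviving_keys(frames):
    """Ignore the header: which of the 256 one-byte keys decode every
    payload byte to a letter keycode? Measures the secrecy that is left."""
    payloads = [f[ADDR_LEN] for f in frames]
    return [k for k in range(256)
            if all(HID_A <= (p ^ k) <= HID_Z for p in payloads)]


# Constructed sample: first address byte 0xCD as stated in the thread,
# remaining address bytes made up.
ADDRESS = [0xCD, 0x11, 0x22, 0x33, 0x44]
FRAMES = [make_frame(ADDRESS, c) for c in hid_from_text("wirelesskeyboard")]

if __name__ == "__main__":
    print(text_from_hid(recover_with_header(FRAMES)))
    print([hex(k) for k in surviving_keys(FRAMES)])
```

Even with the address ignored, sixteen payload bytes leave only two of the 256 possible one-byte keys, which is why a scheme like this gives no confidentiality regardless of how the key byte is chosen.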

  4. Come on, MS Keyboards are secure. by 140Mandak262Jamuna · · Score: 5, Funny

    I am sure the Microsoft keyboards are well engineered and will not allow a random listener within earshot to snoop in on communications. Microsoft has a well earned reputation for placing security above everything else. It would not compromise the security for some trivial thing like ease-of-use for dimwitted user. The keyboard will be using encrypted communication between the wireless keyboard and the host PC. In almost all the conference rooms in our office we routinely use wireless keyboard to log in to the conf-room PC, then remote desktop to login to our workstations to make presentations. We would not do it, if someone is using a compromised USB charger in the conference room.

    I have very good experience walking past grave yards whistling.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact