Wireless Keylogger Masquerades as USB Phone Charger

msm1267 writes: Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards. The device is known as KeySweeper, and Kamkar has released the source code and instructions for building one of your own. The components are inexpensive and easily available, and include an Arduino microcontroller, the charger itself, and a handful of other bits. When it's plugged into a wall socket, the KeySweeper will connect to a nearby Microsoft wireless keyboard and passively sniff, decrypt and record all of the keystrokes and send them back to the operator over the Web.

Dewhat?

[TheCarp]

This is why I hate large swaths of consumer products.

If the keyboard is encrypting keystrokes and sending them to the system....and a third party device sitting in the corner with no configuration involving dumping and loading keys....then the data is NOT encrypted.

If you use the same static key, or one of a few easily derivable keys, I don't care how solid the encryption alcogrythem you use is.... I do not consider it encrypted, because the use case took "strong encryption" and turned it into "weak obfuscation".

So unless there is some esoteric trick they are using to exploit the system and get their hands on a key that should otherwise be secure.... then its a disservice to the public to even call it encryption, because unless that is the case and they were genuinely compromised from a use case that should have otherwise been secure.... then all they did was use a fancy obfuscator.

Re:Dewhat?

[Firethorn]

So unless there is some esoteric trick they are using to exploit the system and get their hands on a key that should otherwise be secure.... then its a disservice to the public to even call it encryption, because unless that is the case and they were genuinely compromised from a use case that should have otherwise been secure.... then all they did was use a fancy obfuscator.

When I was in the USAF I had great fun telling users that they could have a wireless keyboard & mouse just as soon as they found FIPS 140-2 compliant ones. I then told them that not only do none exist to our knowledge, but none are planned. The main problem being once you put serious encryption in there(as 140-2 requires), you're looking at a keyboard/mouse that are closer to smartphones than keyboards. IE a AA won't last a few months, you'll need to charge it like you do your smartphone. AES encryption also isn't intended for 8-16 bits at a time, so it's not really efficient there.

Re:Dewhat?

[Opportunist]

It's not even weak obfuscation. The "key" is the mac address of the device... which is sent along with every single packet.

Re:Dewhat?

[KingMotley]

When I was in the USAF I had great fun telling users that they could have a wireless keyboard & mouse just as soon as they found FIPS 140-2 compliant ones. I then told them that not only do none exist to our knowledge, but none are planned. The main problem being once you put serious encryption in there(as 140-2 requires), you're looking at a keyboard/mouse that are closer to smartphones than keyboards. IE a AA won't last a few months, you'll need to charge it like you do your smartphone. AES encryption also isn't intended for 8-16 bits at a time, so it's not really efficient there.

That's easy to solve. Since the keyboard and mouse are very likely near a PC, just run a charging cable to one of it's USB ports and never disconnect it. Then you can get rid of the battery completely. Problem solved. Then you've got a nice battery-less, always charged wireless keyboard and mouse. Tada!

Re:Dewhat?

[Dagger2]

And the "key" is xored with the plaintext to get the "encrypted" text, and the typed character is in a single byte. So you only actually need a single byte of the MAC address.

And it happens to be the first byte, which for these Microsoft keyboards is always 0xCD. So you don't even need to bother figuring out what the MAC address is.

Re:And this is good why?

[fightinfilipino]

What if you want to sniff your own keyboard?

when i do this i just end up snorting cookie and chip crumbs.

Re:And this is good why?

[slacktide]

It's purpose is clearly to force wireless device manufacturers to use secure data transmission protocols.

Re:And this is good why?

people could be secretly using this technology already, could have been for the past 10 years or more, to spy on you.

by making it easy and publicizing it, this teaches you today about the risks you have already been facing which is good because perhaps now you will take steps and do something about it.

Re:And this is good why?

[Opportunist]

This is good because he told us instead of handing us a USB charger.

"But if he wouldn't develop it, it would be better!"

Nope. Because there is no such thing as security by apathy. Nobody has the monopoly on ideas, and this is hardly the first hack of this kind. Hiding microelectronics in inconspicuous everyday items is as old as, well, the Thing. Think the US would have been spied upon if they themselves knew such a device can be developed?

And do you think you can be spied upon with such an item now?

Come on, MS Keyboards are secure.

[140Mandak262Jamuna]

I am sure the Microsoft keyboards are well engineered and will not allow a random listener within earshot to snoop in on communications. Microsoft has a well earned reputation for placing security above everything else. It would not compromise the security for some trivial thing like ease-of-use for dimwitted user. The keyboard will be using encrypted communication between the wireless keyboard and the host PC. In almost all the conference rooms in our office we routinely use wireless keyboard to log in to the conf-room PC, then remote desktop to login to our workstations to make presentations. We would not do it, if someone is using a compromised USB charger in the conference room.

I have very good experience walking past grave yards whistling.