Beware Of Keystroke Loggers Disguised As USB Phone Chargers, FBI Warns

An anonymous reader cites an article on Ars Technica: FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards. The FBI's Private Industry Notification (PDF) comes more than 15 months after whitehat hacker Samy Kamkar released a KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks. To lower the chances that the sniffing device might be discovered by a target, Kamkar designed it to look almost identical to USB phone chargers that are nearly ubiquitous in homes and offices."If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information," FBI officials wrote in last month's advisory. "Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen."

Re:Use a USB Condom

[bluefoxlucid]

The problem is you can conceal a radio in that little pink piece of shit, and then when you plug it into USB it powers up the radio and listens for your bluetooth and RF keyboards, logs keys, and then connects to whatever wifi it can find and e-mails all your passwords to some asshole in Beijing.