Slashdot Mirror

← Back to Stories (view on slashdot.org)

Popular Wireless Keyboards From HP, Toshiba and Others Don't Use Encryption, Can Be Easily Snooped On (threatpost.com)

Posted by msmash on from the security-woes dept.

Reader msm1267 writes: Wireless keyboards made by eight different companies suffer from a vulnerability that can allow attackers to eavesdrop on keystrokes from up to 250 feet away, researchers warned Tuesday. If exploited, the vulnerability, dubbed KeySniffer, could let an attacker glean passwords, credit card numbers, security questions and answers -- essentially anything typed on a keyboard, in clear text. Keyboards manufactured by Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec are affected, according to Marc Newlin, a researcher with Bastille Networks who discovered the vulnerability. Bastille gave the manufacturers of the keyboards 90 days to address the vulnerability, but most vendors failed to respond to their findings. Newlin said only Jasco Products, a company that manufactures the affected keyboard (GE 98614) for General Electric, responded and claimed it no longer manufactures wireless devices, like keyboards. As there doesn't appear to be a way to actually fix the vulnerability, it's likely the companies will eventually consider the devices end of life.

3 of 85 comments (clear)

  1. Solution found by Anonymous Coward · · Score: 2, Insightful

    Use a wired keyboard.

    1. Re:Solution found by NotInHere · · Score: 4, Insightful

      I hate wireless everything because it means that each of these devices has batteries I have to care about. Plus, this pairing bullshit. And the security for wireless keyboards is 100x worse than for wired ones, like observable here. Even if they use encryption (which on the outside, you can't easily find out), is the encryption secure? I doubt it uses something secure like AES because for low power devices usually weaker encryption is used. And even then issues remain. Do all keyboards of a model share the same secret key? If not, is the key non guessable? Unless I have looked at it, I won't trust them a bit. And which manufacturers actually document the protocol down to this level.

      Sorry, but I do not want things to be wireless. I simply don't have the time to review each of these devices.

  2. Re:In case you were curious about Logitech keyboar by Anonymous Coward · · Score: 2, Insightful

    Too bad Bluetooth's encryption is still so easy to break.