Popular Wireless Keyboards From HP, Toshiba and Others Don't Use Encryption, Can Be Easily Snooped On (threatpost.com)

← Back to Stories (view on slashdot.org)

Popular Wireless Keyboards From HP, Toshiba and Others Don't Use Encryption, Can Be Easily Snooped On (threatpost.com)

Posted by msmash on Tuesday July 26, 2016 @08:47AM from the security-woes dept.

Reader msm1267 writes: Wireless keyboards made by eight different companies suffer from a vulnerability that can allow attackers to eavesdrop on keystrokes from up to 250 feet away, researchers warned Tuesday. If exploited, the vulnerability, dubbed KeySniffer, could let an attacker glean passwords, credit card numbers, security questions and answers -- essentially anything typed on a keyboard, in clear text. Keyboards manufactured by Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec are affected, according to Marc Newlin, a researcher with Bastille Networks who discovered the vulnerability. Bastille gave the manufacturers of the keyboards 90 days to address the vulnerability, but most vendors failed to respond to their findings. Newlin said only Jasco Products, a company that manufactures the affected keyboard (GE 98614) for General Electric, responded and claimed it no longer manufactures wireless devices, like keyboards. As there doesn't appear to be a way to actually fix the vulnerability, it's likely the companies will eventually consider the devices end of life.

55 of 85 comments (clear)

Min score:

Reason:

Sort:

Solution found by Anonymous Coward · 2016-07-26 08:50 · Score: 2, Insightful

Use a wired keyboard.
1. Re:Solution found by NotInHere · 2016-07-26 09:15 · Score: 4, Insightful
  
  I hate wireless everything because it means that each of these devices has batteries I have to care about. Plus, this pairing bullshit. And the security for wireless keyboards is 100x worse than for wired ones, like observable here. Even if they use encryption (which on the outside, you can't easily find out), is the encryption secure? I doubt it uses something secure like AES because for low power devices usually weaker encryption is used. And even then issues remain. Do all keyboards of a model share the same secret key? If not, is the key non guessable? Unless I have looked at it, I won't trust them a bit. And which manufacturers actually document the protocol down to this level.
  Sorry, but I do not want things to be wireless. I simply don't have the time to review each of these devices.
2. Re:Solution found by Tourney3p0 · 2016-07-26 09:17 · Score: 1
  
  That's great and all, but presumably some people DO want things to be wireless. That's probably why they bought it. For those people, I don't think it's unreasonable to provide a secured connection.
3. Re:Solution found by NotInHere · 2016-07-26 09:27 · Score: 1
  
  I do agree, wireless devices should be secure. Just right now, the missing security is a problem for me.
4. Re:Solution found by shaitand · 2016-07-26 09:31 · Score: 1
  
  This the battery issue a show stopper. Then there is the lag which would be a show stopper for a gamer.
  
  Wireless network links suck as well. I use them for mobile devices because you don't transit much data there but having wifi definitely has not eliminated the need for faster and lower latency wired links around the house.
5. Re:Solution found by mspohr · 2016-07-26 10:02 · Score: 2
  
  I've used a Logitech K760 for years. It's Bluetooth and has a small solar cell array across the top so it's always charged. Never have to worry about changing batteries. Has been 100% reliable used with various computers I've had over the years (currently Chromebook and MacBook Air). (Also, since it didn't make the list of vulnerable proprietary keyboards and it's Bluetooth, it should be more secure.)
  Wireless really is better
  
  --
  I don't read your sig. Why are you reading mine?
6. Re:Solution found by AaronW · 2016-07-26 10:05 · Score: 1
  
  I've been fairly happy with my Logitech wireless home theater keyboard. I believe it uses AES encryption and uses USB for charging. There also isn't any pairing to deal with either, just plug in the tiny USB receiver.
  Document covering Logitech wireless encryption.
  
  --
  This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
7. Re:Solution found by sims+2 · 2016-07-26 10:10 · Score: 1
  
  Wireless keyboards typically have extremely good battery life the alkaline batteries in the dell wireless keyboard I'm typing on now are over a year old.
  It has no noticeable delay and no wakeup resync delay.
  All aren't equal though I have a $20 mini htpc mouse keyboard combo that is rechargeable It runs two days on a charge at the most.
  Wifi? If it's important it gets a wire.
  
  --
  Minimum threshold fixed. Thanks!
8. Re:Solution found by drinkypoo · 2016-07-26 11:14 · Score: 2
  
  The crappiest encrypted bluetooth keyboard is better than virtually any of these proprietary wireless systems, almost none of which use encryption and virtually all of which use common off-the-shelf wireless chips.
  Logitech has something called secure connect, no idea if that is worth a crap. Not tested here, unfortunately. Their normal non-bluetooth wireless is known to be insecure, however.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
9. Re:Solution found by Darinbob · 2016-07-26 12:05 · Score: 2
  
  Agreed. I never wanted a wireless keyboard from the first day they existed, for three reasons. The pain of having to change and hunt down batteries, the utter and complete lack of security, and because it's pointless to be wireless. So other people just NOW realized there were security problems? Were these the same people who were surprised that their parents could see their drunken party photos on facebook?
10. Re:Solution found by Darinbob · 2016-07-26 12:08 · Score: 1
  
  I suspect the vast majority of people wanting a wireless keyboard only wanted it because it was new and cool, and not for any practical reasons.
11. Re:Solution found by donaldm · 2016-07-26 13:41 · Score: 1
  
  Agreed. I never wanted a wireless keyboard from the first day they existed, for three reasons. The pain of having to change and hunt down batteries, the utter and complete lack of security, and because it's pointless to be wireless. So other people just NOW realized there were security problems? Were these the same people who were surprised that their parents could see their drunken party photos on facebook?
  Depends on your computing needs. Personally, I prefer wireless to cables and as for hunting batteries my Logitech MK710 and matching mouse I only need to change them every one to two years. I also have a popup display that tells me their battery strength. My keyboard is also encrypted between itself and the unifying receiver.
  
  --
  There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
12. Re:Solution found by greenfruitsalad · 2016-07-26 21:01 · Score: 1
  
  not only is logitech encrypting the communication, they actually release security updates when vulnerabilities are discovered. https://threatpost.com/mouseja...
13. Re:Solution found by drinkypoo · 2016-07-26 23:53 · Score: 1
  
  not only is logitech encrypting the communication, they actually release security updates when vulnerabilities are discovered. https://threatpost.com/mouseja...
  They're NOT meaningfully encrypting the communications between their universal receiver and their devices; only bluetooth devices have meaningful encryption, and it's considered breakable anyway. That fix was for mousejacking.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
14. Re:Solution found by AmiMoJo · 2016-07-27 00:01 · Score: 1
  
  Even with batteries my wireless keyboard at work goes for about a year on a set, and the mouse maybe 6 months. It's worth it to just be able to chuck the keyboard out of the way when I want to write, and to free up some space where cables would need to pass.
  As for security, while it's obviously quite important I'd point out that I rarely type any of my passwords these days. They are mostly very long and impossible to remember, and simply copy/pasted out of Keepass.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
15. Re:Solution found by shaitand · 2016-07-27 03:24 · Score: 1
  
  Batteries failing at a random moment in the middle of a random task and with unknown consequences is an issue. The last time I tried a wireless keyboard it was more like every 3-6 months but it's likely improved.
16. Re:Solution found by Mr_Wisenheimer · 2016-07-29 05:00 · Score: 1
  
  It sounds like two of the biggest manufacturers of "good" wireless keyboards (Microsoft and Logitech) are encrypting their transmissions. I'm not surprised to find that Chinese bottom-dwellers like Insignia (Best Buy store brand) does not care about such things. I am a bit more surprised by big corporate vendors like HP.
Wireless range by phorm · 2016-07-26 08:55 · Score: 2

I'm fairly sure that these rely on the "signal that can barely reach my couch let along outside my house" method of "security" :-)
1. Re:Wireless range by dattaway · 2016-07-26 10:36 · Score: 2
  
  Never underestimate the power of a high gain directional antenna. The chip antennas in the USB dongles aren't that great.
2. Re:Wireless range by AHuxley · 2016-07-26 13:26 · Score: 2
  
  The device range is tested, tuned, looked for, amplified by another device to just outside the building.
  Collection is then just a local device away e.g. UK spied on Russians with fake rock http://www.bbc.com/news/world-... "contained electronic equipment and had been used by British diplomats to receive and transmit information".
  Thats how the range problem is never an issue. The real trick is getting nations, people, groups to use and trust leaky fully imported wireless devices.
  
  --
  Domestic spying is now "Benign Information Gathering"
Wireless Keyboards by thevirtualcat · 2016-07-26 08:56 · Score: 1

I always assume wireless keyboard are cheap consumer products built by the lowest bidder and designed by people whose primary interest is getting a product out the door in advance of or for the next big release of whatever their company's actual product is.
Most wireless keyboards' performance reflects that. It doesn't surprise me in the slightest their security is similar.
1. Re:Wireless Keyboards by Strudelkugel · 2016-07-26 09:08 · Score: 1
  
  I always assume wireless keyboard are cheap consumer products built by the lowest bidder and designed by people whose primary interest is getting a product out the door in advance of or for the next big release of whatever their company's actual product is.
  Right, I have always wondered about this, which is why I don't use a wireless keyboard for passwords even when it is available. (Yes that means using two keyboards at times.)
  But my question: Has anyone studied how secure keyboards from Logitech, Apple, Microsoft and Dell are? You would think the big vendors would say something about it in their product descriptions, but I have never found anything on security. Anyone work for a keyboard manufacturer who can enlighten us?
  
  --
  Imagine how much harder physics would be if electrons had feelings! -Feynman, maybe
2. Re:Wireless Keyboards by JesseEnjaian · 2016-07-26 09:26 · Score: 1
  
  The problem is public key algorithms are too computationally expensive to do, so they're left, usually, with AES (symmetric -- pre-exchanged key). But the key-exchange for AES is hard/impossible to do without adding something else into the solution. In the end, yeah, they don't want to pay to do all that (and most buyers don't really care).
3. Re:Wireless Keyboards by Threni · 2016-07-26 09:27 · Score: 2
  
  It's like any software that comes with hardware. Printer software, camera software, random usb device software. It's always shit, written by some fucking idiot in china (nowadays it'll be their fuckwit cousin in India). When you pay for software it's usually fine otherwise the vendor will go out of business but the only requirement for "software that comes with hardware" is that it's legally functional; that is, it's not so useless that it allows the customer to immediately get their money back. That's a pretty low bar. It used to be limited to just those bits of hardware, but with the Internet of Shitty Cheap Things millions of people are going to experience this really, really software. I imagine Stack Overflow has already invested in the servers and ssds required to process the sheer number of "i am having the problem reading from rest json i get the error pls fix me yes" posts.
4. Re:Wireless Keyboards by thevirtualcat · 2016-07-26 10:28 · Score: 2
  
  Based on my cursory Googling:
  Microsoft keyboards have been broken for a while.
  http://arstechnica.com/securit...
  Logitech apparently actually uses 128-bit AES, though the question of how they generate their symmetric key isn't exactly answered in a way that's satisfying.
  http://www.logitech.com/images...
  Not sure about Dell. Couldn't find much on their keyboards with my cursory Googling. They seem to mostly rebrand other people's wireless keyboards?
  And Apple keyboards all seem to be bluetooth.
5. Re:Wireless Keyboards by Anonymous Coward · 2016-07-26 11:00 · Score: 1
  
  "But the key-exchange for AES is hard/impossible to do without adding something else into the solution."
  For dedicated wireless hardware the key can be set at the factory on both the dongle and the device. A strong master key should last the lifetime of the device, and can be used to exchange session keys chosen at intervals appropriate for the application and power requirements of the device.
wishful thinking on the author's part by gmack · 2016-07-26 08:56 · Score: 1

I doubt they will withdraw these from the market. Odds are they will do the same thing the last time issues like this became public: pretend nothing is wrong and keep selling the devices to unsuspecting users.
No shit sherlock by OzPeter · 2016-07-26 09:00 · Score: 5, Interesting

In 2001 Security - Logitech Wireless Mice & Keyboards Can Be Sniffed
In 2007 Wireless Keyboard "Encryption" Cracked
And In Feb 2016 Mousejack Attacks Exploit Wireless Keyboards and Mice
And I am sure there are plenty more stories on slashdot just on this subject

--
I am Slashdot. Are you Slashdot as well?
Even better... by Penguinisto · 2016-07-26 09:01 · Score: 1

...use a laptop; it comes with a keyboard at no extra cost.
(what?)

--
Quo usque tandem abutere, Nimbus, patientia nostra?
1. Re:Even better... by ShanghaiBill · 2016-07-26 09:30 · Score: 1
  
  ...use a laptop; it comes with a keyboard at no extra cost.
  ... except for the thousands of dollars in medical expenses and lost wages when you develop carpal tunnel syndrome. I use a keyboard about 10 hours per day. There is no way I am going to do that with the crappy chiclet keyboard that came with the laptop. Also, using a built in keyboard is awkward with my 43" 4k external display.
2. Re:Even better... by donaldm · 2016-07-26 13:28 · Score: 1
  
  ...use a laptop; it comes with a keyboard at no extra cost.
  (what?)
  Not if that laptop comes with Microsoft Windows 10, it has a perfectly good keystroke logger that is turned on by default.
  At least a desktop is fully upgradable if you so desire, unlike a laptop which has limited upgradability usually in memory and storage. Comparing performance and price a desktop wins over a laptop all the time. The only thing the laptop wins is in portability.
  
  --
  There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
3. Re:Even better... by ArmoredDragon · 2016-07-26 16:15 · Score: 2
  
  except for the thousands of dollars in medical expenses and lost wages when you develop carpal tunnel syndrome.
  You aren't likely to develop carpal tunnel syndrome unless you're already predisposed to the condition, which is usually predicted by having a more square wrist than a more rectangular one, in addition to other anatomical features in your hand, such as its relative height and width.
  And if you are predisposed to it, then lots of actions (ranging from writing to beating the captain) can cause it when repeated often.
  If you aren't predisposed to it however, then you aren't likely to ever get it no matter how much you write, type, or polish the pewter.
Make your own submission by hattable · 2016-07-26 09:04 · Score: 1

[Technology] that [doesn't use encryption] is [vunerable] to [some type of data sniffing tool]

Security researchers at firm [pick a company] have [discovered] a [flaw/bug/exploit] [enabling] the collection of [data...of which we will enumerate all types to drive the point home: passwords, logins, keystrokes, pin codes, secure access numbers, credit card information, birthdays, AC posts, or even missile launch codes!]

--
OMG facts!
"...most vendors failed to respond..." by turkeydance · 2016-07-26 09:06 · Score: 1

copy and paste
That was one of the details wardriving and later.. by Anonymous Coward · 2016-07-26 09:16 · Score: 1

wireless snooping techniques confirmed: The limitations for household wireless services are strictly due to the antennas in use. Build a big/sensitive enough antenna or array of antennas and you can accurately recieve and decode most if not all of the signals, even if the consumer devices in question can't pick them up despite being much closer together.
Just because cheap electronics seem low range given the endpoints you have available doesn't mean they actually *ARE* low range for an adversary dedicated to snooping on their transmissions. That is the cornerstone of using enclosures meeting TEMPEST specifications. Anything less and a dedicated adversary can find a method to snoop (even if it is some weird EM leak from one slightly miswelded or corroded corner.) While you as an individual can probably get away with far less that a proper TEMPEST shielded room or enclosure, you should *NOT* assume any wireless device without known good encryption is secure for the transmission of anything that could compromise you or your computer's security. Because anything typed on wireless keyboard/mouse hardware COULD.
In case you were curious about Logitech keyboards by Anonymous Coward · 2016-07-26 09:18 · Score: 2

https://forums.logitech.com/t5/Keyboards-and-Keyboard-Mice/Wireless-keyboard-stream-encryption-scrambling-encoding/td-p/584316
TL;DR: Logitech devices using both bluetooth and the unifying receiver are encrypted by default. Glad I don't have to toss out a bunch of devices.
Re:That was one of the details wardriving and late by Waffle+Iron · 2016-07-26 09:40 · Score: 1

With the right antennas, NASA routinely deciphers transmissions sent with a power comparable to a CB radio coming from three times the distance to Pluto.
Re:"there doesn't appear to be a way to actually f by ShanghaiBill · 2016-07-26 09:44 · Score: 2

Yes, there is.
No there isn't.

Simple encryption with a companion driver doing the decryption.
Nobody expects to install a driver to use a keyboard. So they will buy the unencrypted KB from a competitor that JUST WORKS.

It would take a fifty cent chip
Wireless keyboards are under $20 retail, about half that in bulk, and margins are thin. It is likely that the OEM isn't even making 50 cents per piece. Why should they incur that expense for near zero additional sales? Anyone that cares about security isn't using a wireless keyboard, encrypted or not.
Did anyone think they did? by holophrastic · 2016-07-26 09:51 · Score: 3, Interesting

I don't suspect that anyone ever thought that they did. Hey, my wired keyboard can be snooped on from up to a million feet above, with nothing more than a child's telescope. Good thing I'm not a target, because there's also a window nearby. Can you imagine typing on a laptop on a park bench? Martians with telescopes could see my slashdot password!
Or, they could have better things to do.
No mention of Logitech by BenJeremy · 2016-07-26 09:55 · Score: 1

I'd much prefer to hear about the keyboards that did pass the test and encrypt transmissions. Logitech, easily as popular as Microsoft and more popular than ANY of the named brands, wasn't tested? Why not?
1. Re:No mention of Logitech by drinkypoo · 2016-07-26 11:11 · Score: 2
  
  Logitech, easily as popular as Microsoft and more popular than ANY of the named brands, wasn't tested? Why not?
  Their hardware is already known to be vulnerable.
  If your keyboard doesn't use bluetooth, it is certainly vulnerable.
  If your keyboard does use bluetooth, it might still be vulnerable.
  
  --
  "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Better headline by cfalcon · 2016-07-26 09:57 · Score: 1

Popular Wireless Keyboards From HP, Toshiba and Others Don't Use Wire, Can Be Easily Snooped On
I know it's a popular joke, but it's absolutely real. If you are mildly concerned, wire beats crypto wireless, because you can implement crypto wrong a million ways, and implementing a wire wrong is not that common. Meanwhile, versus adversaries that can read the wire somehow, you'd want a wired crypto keyboard, which I'm not aware of existing.
1. Re:Better headline by jetkust · 2016-07-26 10:04 · Score: 1
  
  I know it's a popular joke, but it's absolutely real. If you are mildly concerned, wire beats crypto wireless, because you can implement crypto wrong a million ways, and implementing a wire wrong is not that common.
  So how are you going to go about wiring your cellphone?
Trusty Model-M by Khyber · 2016-07-26 11:10 · Score: 1

Still works after all these years, still secure from wireless snooping.

--
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
1. Re:Trusty Model-M by GuB-42 · 2016-07-26 11:47 · Score: 1
  
  Not really secure from acoustic snooping though...
2. Re:Trusty Model-M by Walter+White · 2016-07-26 12:43 · Score: 1
  
  My model M uses a PS/2 connector. I have an older Northgate keyboard that does have the DIN plug. Strangely enough, the M on the Northgate keyboard is not working well. Hmmm...
How About Bluetooth Keyboards by kamaaina · 2016-07-26 11:10 · Score: 1

I know you can pair blue tooth devices, but are newer versions of blue tooth like 4.0 encrypted and protected against someone listening in?
Also does encryption reduce battery life on the keyboard? I stopped using 2.4Ghz wireless keyboards when someone in my house and I interfered with each others keyboards. Since then we have pretty much gone wired. But I would like a wireless keyboard for a PC connected to our TV.
1. Re:How About Bluetooth Keyboards by spydir31 · 2016-07-27 21:51 · Score: 1
  
  Bluetooth 2.1 and up are pretty good security wise, links are always encrypted and pairing with SSP can also protect you from an MITM attack. (e.g. using numeric comparison or passkey entry is secure from MITM. See the relevant wikipedia page for specifics.)
  Since encryption is required (and usually done in dedicated hardware), there shouldn't be a difference in battery life.
Re:That was one of the details wardriving and late by Waffle+Iron · 2016-07-26 11:27 · Score: 1

I'm sure that a makeshift homebrew directional antenna could sniff these signals out in a suburban or office park area just fine.
Even in your high-rise case, the signal could be narrowed down to a small subset of all devices. Processing the sum of a few signals to pick out "words" shouldn't be too hard, either.
Not to mention, I said three times the distance to frigging PLUTO. Presumably, attackers could get within 100m of most targets. I don't think you realize how much easier that is.
Re:That was one of the details wardriving and late by SumterLiving · 2016-07-26 11:44 · Score: 2

Holy shit, my neighbor put up 123 different antennas directed at my rural home about two years ago. The three acre array seemed suspicious but I'm a trusting guy. Time to do away with my wireless keyboard.
Re:In case you were curious about Logitech keyboar by Anonymous Coward · 2016-07-26 11:46 · Score: 2, Insightful

Too bad Bluetooth's encryption is still so easy to break.
Re:That was one of the details wardriving and late by bug1 · 2016-07-26 13:04 · Score: 1

Also they have direct line of sight, which an attacker is very unlikely from the USB dongle, they have to look for reflections.
Wired by aglider · 2016-07-26 18:54 · Score: 1

This is a reason among others why I still use wired keyboard, mouse and earpieces.

--
Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
HP wireless keyboards ancient vulnerability by knorthern+knight · 2016-07-26 23:04 · Score: 1

November 2002
http://www.theregister.co.uk/2...
January 2003
http://www.theregister.co.uk/2...

--

I'm not repeating myself
I'm an X window user; I'm an ex-Windows user
Creating a problem for a solution by MercTech · 2016-07-29 02:44 · Score: 1

It seems that the cited article is touting a solution in search of a problem.
How many computers that process secure information have wireless keyboards? How many computers that process sensitive information and have wireless keyboards are within 250 feet of an area where a person can set up a surreptitious sniffer system? Yep, the keyboard issue is really a non issue. Especially as wireless keyboards, in reality, have a range that is less than three meters. My bright idea of hooking the laptop up to the big screen TV and using a wireless mouse and keyboard from the couch across the room turned into a study in lag and lost connection. The system worked great if you pulled up a char right in front of the TV but not from across the room.
Now, the real issue is why any company would use a Zigbee system for a home security installation. Surely no one with ulterior motives would hack a system designed to switch your lights on and off when it was used for a security installation. That sounds as secure as the old HSPA driven home security systems that only had four micro-switch settings for encryption. A $7.95 Radio Shack controller would let you switch it on and off and you only had four encryption settings to try for a brute force attack.
You have to admit, "Zigbee" has a buzzier feeling than the systems for home automation that have been around for decades. Anyone remember the infamous spamming by www.x10.com ?

--
NRRPT/RCT