Your wireless keyboard could be giving your secrets away
Every keystroke you make on some wireless keyboards can be spied on by hackers, according to research released this week by the US cyber security firm Bastille.
The “vast majority” of low-cost wireless keyboards are vulnerable to an attack that researchers have dubbed “KeySniffer,” according to the company.
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Marc Newlin, the researcher who discovered the vulnerability.
“Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight (two-thirds) were susceptible to the KeySniffer hack.”
The attack allows hackers up to 75m away to eavesdrop on people as they type - potentially sucking up credit card numbers, usernames, passwords and personal information shared with confidants, according to the researchers.
The heart of the problem is that the connections between computers and the identified keyboards don’t use encryption, unlike more costly models, and are left vulnerable to a hacker with special equipment costing less than $100 (R1 400).
The issue does not affect Bluetooth keyboards because they are subject to industry standards that require stronger security measures, according to Bastille.
However, the company said some keyboards from major manufacturers, including HP and Toshiba, that rely on radio signals are vulnerable.
In HP’s case, Bastille found that its HP Wireless Classic Desktop keyboard was vulnerable, while Toshiba’s PA3871U-1ETB wireless keyboard was also affected. HP and Toshiba did not immediately respond to a request for comment.
Kensington, the maker of another vulnerable keyboard called the Kensington ProFit Wireless Keyboard, released a statement saying it has taken “all necessary measures to close any security gaps and ensure the privacy of users” and has released a firmware update for the device that includes encryption. The affected devices are from Anker, EagleTec, General Electric, HP, Insignia, Kensington, Radio Shack and Toshiba.
Bastille says it reached out to manufacturers before going public with its research but many of the devices aren’t able to be updated to defend against the attacks.
The cyber security firm recommends replacing the keyboards with Bluetooth or wired models.
It remains unclear whether any of the keyboard makers plans to offer refunds or replacements to consumers who bought the vulnerable models. – Washington Post
Your wireless keyboard could be giving your secrets away.