Your Wireless Keyboard Could be Doing Way More Than It Says on the Box


We spent months on discussing the (de) merits of Windows 10 and its obsession with keylogging. However, it's not just the operating systems, apps or web services that we need to be critical about when it comes to our data security and privacy. As we see the rise of the Internet of Things (IoT) devices, we are also experiencing a surge in the attacks that are targeted at these devices. Forget your webcams, your refrigerator, or even your home security systems. As small and innocuous it may look, your wireless keyboard could be giving away your secrets.

How attackers can hack wireless keyboards to log keystrokes

We should be able to trust the computers, mobile phones and their accessories since we rely on them more than anything else. However, wireless keyboards from several different vendors have been discovered to be intercepting and injecting keystrokes. Security researchers have warned that wireless computer accessories don't use encryption when communicating, making it possible for remote attackers to send their own commands to the target computer, and/or intercept the keystrokes.

Researchers at IoT security company Bastille have discovered a new attack method, KeySniffer. The team plans to talk about this new attack technique at the Defcon hacker conference in August. But, they have shared some details of the attack that allows any attacker with a $12 radio device to intercept the connection between wireless keyboards and a computer. Once in, the hacker could potentially type keystrokes and silently record the victim's typing too. Earlier in the year, Bastille shared another security vulnerability called MouseJacking. MouseJacking allowed hackers to interject keystrokes, possibly taking control of the devices. The latest technique is so worse though.

Affected devices and how this works

Bastille has tested non-Bluetooth wireless keyboards from 12 manufacturers. The firm concluded that at least eight of them are vulnerable to KeySniffer attacks. Cheaper wireless keyboards from HP, Toshiba, Kensington, Radio Shack, Anker, Insignia, General Electric, and EagleTech are in the vulnerable category. However, higher-end keyboards from Lenovo, Dell and Logitech remain immune to KeySniffer attack techniques.

Researchers explained that instead of using Bluetooth to connect to a computer, some companies rely on using unencrypted radio communication protocols to save money. But these alternatives haven't gone through extensive testing or support better encryption that is built into Bluetooth standard. "We were stunned. We had no expectation that in 2016 these companies would be selling keyboards with no encryption," Ivon O'Sullivan, chief research officer Bastille comments.

Since the affected keyboards send keystrokes in clear text, the attacker could use a long-range USB radio dongle to record all the victim's keystrokes. Email addresses, usernames, passwords, bank details - it's basically a security nightmare. If that wasn't enough, criminals can also exploit KeySniffer to inject their own keystrokes. Say hello to malware, ransomware and a number of other wares.

As we have repeatedly said, IoT devices clearly lack a proper mechanism through which they can be updated. The security research firm shared the same concerns that it would be difficult to "patch" these vulnerable wireless keyboards. The best a user could do is to go back to wired keyboards, or those that use Bluetooth for communications.