Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

Wireless Keyboards Vulnerable to Sniffing, Injection Attacks

Wireless keyboards from several vendors don’t use encryption when communicating with their USB dongle, allowing remote attackers to intercept keystrokes or send their own commands to the targeted computer.

Wireless keyboards from several vendors don’t use encryption when communicating with their USB dongle, allowing remote attackers to intercept keystrokes or send their own commands to the targeted computer.

The attack method, dubbed KeySniffer, was discovered by researchers at IoT security company Bastille. Experts tested non-Bluetooth wireless keyboards from 12 manufacturers and determined that devices from eight of them are vulnerable to KeySniffer attacks.

Bastille said the affected products are inexpensive wireless keyboards from HP, Toshiba, Insignia, Kensington, Radio Shack, Anker, General Electric and EagleTec. It’s possible that products from other companies are impacted as well. Experts determined that higher-end keyboards produced by firms like Lenovo, Dell and Logitech are not affected as they encrypt communications.

KeySniffer attacks are possible because some keyboard manufacturers use unencrypted radio communication protocols. Experts have demonstrated that an attacker using equipment worth less than $100 can launch attacks from distances of up to 250 feet.

Since the affected keyboards send keystrokes in clear text, a remote attacker can use a widely available long-range USB radio dongle, such as Crazyradio PA, to intercept communications. Since the vulnerable devices continuously transmit radio packets – regardless of whether the user is typing or not – it’s easy for an attacker to scan a building or an open space for potential targets.

Researchers have demonstrated that an attacker can easily capture all the victim’s keystrokes and then search the obtained strings for valuable information, such as email addresses, usernames, passwords, and payment card information.

KeySniffer attack

In addition to eavesdropping, an attacker can exploit KeySniffer to inject their own keystrokes, which can allow them to install malware, steal data or conduct other activities on the victim’s device.

Bastille has informed the affected vendors about the vulnerability, but the company believes there is nothing that can be done in most cases since the devices don’t support firmware updates. Kensington informed the security firm that it has released a firmware update to address the issue.

Advertisement. Scroll to continue reading.

This is not the first time Bastille has found such vulnerabilities. Earlier this year, the company warned that wireless mice and keyboards from several top vendors were vulnerable to so-called MouseJack attacks, where malicious actors send key press packets to a targeted computer through the affected device’s USB dongle in an effort to conduct arbitrary actions. MouseJack is particularly effective against wireless mice because these devices typically don’t use encryption and proper authentication mechanisms.

The MouseJack vulnerability was found to affect more than 80 percent of organizations. Several vendors, including Microsoft, Logitech and Lenovo, released firmware updates to address the weakness, while others provided recommendations on how to mitigate the threat.

Related: Serious Vulnerability Affects Over 120 D-Link Products

Related: Wireless ISP Modems Plagued by Serious Vulnerabilities

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights