How to Steal Keystrokes from Millions of Wireless Keyboards

Wireless keyboards are a great convenience. However, they are also insecure. Most Bluetooth keyboards radiate signals in all directions for a MINIMUM of 30 feet and some of them can send as far as 100 meters or 328 feet. A few may transmit even further.

NOTE: Class 1 Bluetooth devices transmit at 100 milliwatts (on-tenth of a watt) which results in a standard range of approximately 100 meters or 328 feet, range is comparable to that of an 802.11b WLAN device. Class 1 devices are most commonly implemented in devices where power is plentiful, such as laptop and desktop systems. However, most Bluetooth keyboards transmit with less than 100 milliwatts.

A hacking tool called Keysniffer allows any hacker with a $12 radio device to intercept the connection between any of eight wireless keyboards and a computer from 250 feet away. What’s more, it gives the hacker the ability to both type keystrokes on the victim machine to and silently record the target’s typing. All this works by intercepting keyboard keystrokes. Use of a VPN (virtual private network) or other security software is ineffective against Keysniffer.

By using Keysniffer, a hacker can record your:

  • Credit card numbers, expiration date, CVV code
  • Bank account usernames and passwords
  • Answers to security questions: name of your first pet, mother’s maiden name, etc.
  • Network access passwords
  • Any secrets: business or personal typed into a document or email

Keyboards from Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec have been found to be vulnerable to Keysniffer. Bastille, the company that discovered and publicized the vulnerability, states:

“Please note: we have tested the above products, but this should not be considered an exhaustive list of all vulnerable keyboards. There may be other brands/models that are vulnerable to this, or other attacks.”

If your home is in the country with no neighbors within 328 feet, your risk probably is reduced to people within your home. However, if you are in an apartment building, a dormitory, a hotel, at the airport, or within most urban neighborhoods and if you are using a wireless keyboard, your neighbor easily could be monitoring everything you type, including URLs, user names, and passwords.

The solution? Use a wired keyboard, not a wireless one.

You can read more in an article in BusinessWire at http://goo.gl/FJJx8n and at the Bastille web site at http://www.keysniffer.net.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s