A vulnerability just discovered by the U.S. startup Bastille Networks may give cybercriminals access to anything you type using your wireless keyboard, even if you take your security seriously.
According to Sophos’ Naked Security blog, this vulnerability, called KeySniffer, allows anyone to record your keystrokes because they are not encrypted by the wireless keyboard before being transmitted to your computer. Encryption essentially scrambles a message, in this case, what you’re typing, as it goes from one location to another. This encrypted message is then descrambled by the receiver. Some wireless keyboards are sending data without this protection.
Hackers with a piece of inexpensive equipment — like this $30 dongle — just need to turn it on close by to listen in on the transmitted text going from your wireless keyboard to your device. The worst part? You won’t even be able to tell it’s happening.
Bastille found that this vulnerability affects keyboards made by eight of the twelve manufacturers they tested, including HP and Toshiba. If your keyboard connects to your device via Bluetooth, you’re safe from KeySniffer, but if it uses a USB dongle for connectivity, it might be on the list. You can check to see if your wireless keyboard is exposed here.
Unfortunately, manufacturers won’t be able to send out a quick security update to fix the problem, so the only solution for users concerned about this particular attack is to stop using the keyboard altogether.
Bastille previously found a similar vulnerability within wireless dongle-connected mice and keyboards and dubbed it “Mousejacking.” Over a billion of these devices allow cybercriminals to take a more active approach to hacking your devices by taking over your computer to type or click whatever they please. In this security flaw, hackers send a seemingly legitimate signal to the peripheral’s dongle, which, more often than not, the device determines the signal to be coming from the mouse or keyboard, rather than from an illegitimate source. (Find out if your mouse is affected in our story.)
While many of these keyboard and mice peripherals are inexpensive, it’s clear that manufacturers need to take the security of these devices seriously so their customers — and their data — don’t fall victim to cybercriminals.
[Image credit: Zaenani Trianto/Flickr]