Security experts from Bastille firm have devised a method of attack dubbed KeySniffer to remotely intercept keystrokes or send commands to a targeted computer. The researchers have analyzed non-Bluetooth wireless keyboards from 12 manufacturers discovering that the majority of them doesn’t use encryption while communicating with their USB dongle.
“KeySniffer is a set of security vulnerabilities affecting non-Bluetooth wireless keyboards from eight vendors. The wireless keyboards susceptible to KeySniffer use unencrypted radio communication, enabling an attacker up to several hundred feet away to eavesdrop and record all the keystrokes typed by the victim.” reads the blog post published by Bastille. “This means an attacker can see personal and private data such as credit card numbers, usernames, passwords, security question answers and other sensitive or private information all in clear text. The equipment needed to do the attack costs less than $100 putting it in reach of many teenage hackers.”
The list of affected devices includes wireless keyboards from Anker, EagleTec, General Electric, Hewlett-Packard, Insignia, Kensington, Radio Shack, and Toshiba.
The researchers verified that keyboards from Dell, Lenovo, and Dell are not vulnerable to the KeySniffer attack because these manufacturers encrypt communications.
Is it easy to exploit the lack of encrypted communication in order to launch a KeySniffer attack?
The researchers from Bastille demonstrated that attackers using equipment worth less than $100 could launch the attack from distances of up to 250 feet.
A long-range USB radio dongle, such as Crazyradio PA, could be used by a remote attacker to intercept unencrypted communications.
The KeySniffer attack differs from previously analyzed vulnerabilities affecting wireless keyboards that were requiring the attacker to first observe radio packets transmitted when the victim typed on their keyboard.
The keyboards vulnerable to KeySniffer use USB dongles which continuously transmit radio packets at regular intervals allowing an attacker to easy spot a vulnerable device and capture data that are sent even when the victim isn’t at the keyboard.
“The keyboards vulnerable to KeySniffer use USB dongles which continuously transmit radio packets at regular intervals, enabling an attacker to quickly survey an environment such as a room, building or public space for vulnerable devices regardless of the victim’s presence. This means an attacker can find a vulnerable keyboard whether a user is at the keyboard and typing or not, and set up to capture information when the user starts typing.” continues the analysis published by Bastille.
The experts explained that the KeySniffer attacker could be exploited also to inject keystrokes and deliver malware or conduct other malicious activities on the target system.
Experts from Bastille already reported the issue to manufacturers of vulnerable wireless cable keyboards.
In February, Bastille demonstrated how to hack computers by exploiting a flaw in many wireless mouse and keyboard dongles, in that case, the company warned that wireless mice and keyboards from several top vendors were vulnerable to so-called MouseJack attacks.
The MouseJack vulnerability was found to affect more than 80 percent of organizations. Several vendors, including Microsoft, Logitech, and Lenovo, released firmware updates to address the weakness, while others provided recommendations on how to mitigate the threat.
(Security Affairs – KeySniffer, hacking)