Wireless Keyboards Handy For Hackers, Too
Security experts have found a way to intercept information from Microsoft's wireless keyboards, and warn that other brands could also be at risk.
The affected keyboards don't use the popular Bluetooth technology, but instead broadcast on a very short radio frequency. Most surprisingly, the encryption appears to be shockingly weak.
It turns out that much only the keystrokes themselves are encrypted, not any of the background information such as that used to synchronise the keyboard and computer. Shockingly, the same encryption key (the code needed to decipher the data) is used for the entire session and doesn't change until the next time the keyboard is switched on.
And worst of all, the encryption key is a single byte, which is a number merely eight digits long. That may sound difficult to guess but, unlike an ATM PIN code, an encryption key is binary, so each digit can only be a 1 or a 0. That means there are only 256 possible codes used to secure the information.
Experts from security firm Dreamlab Technologies, which uncovered the weak encryption, carried out a practical experiment using a radio receiver, a computer soundcard and some software to convert the radio waves into computer data. They then had their computer simply try each possible code in order until they cracked the encryption key, which only took a matter of moments. From this point on they could capture everything the user was typing. (Source: theregister.co.uk)
The researchers will now try the technique with other brands of wireless keyboard such as Logitech, but don't expect them to be any more secure. (Source: vnunet.com)
Given that information sent wirelessly can literally be plucked out of the air, security is all-important. Most security systems used for wireless networking is too complicated to be broken into, but clearly wireless keyboards aren't as secure. For those that are extremely anal about this kind of threat, it's probably safest not to use a wireless keyboard to type anything that you wouldn't be happy to tell a stranger.
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.