Big-name wireless keyboards open to silent eavesdropping

Wireless keyboards from popular hardware vendors are wide open to silent interception at long distances, researchers have found, without users being aware that attackers can see everything they type.

Bastille Research said the keyboards transmit keystrokes across unencrypted radio signals in the 2.4 GHz band, unlike high-end and Bluetooth protocol keyboards, which transmit data in an encrypted format, making it more difficult for attackers to intercept the scrambled keystrokes.

It means attackers armed with cheap eavesdropping devices can silently intercept what users type at distances of 50 to 100 metres away.

Such interception could reveal users' passwords, credit card numbers, security question replies and other personally sensitive information, Bastille said. Users would have no indication that the traffic between the keyboard and the host computer was intercepted.

Furthermore, attackers could inject keystrokes of their own into the signals, and type directly onto users' computers. Again, the attack would be unnoticeable to users in most cases.

Bastille tested eight keyboards from well-known vendors such as Toshiba, Hewlett-Packard and General Electric, but added that input devices from other vendors may also be vulnerable.

Of the eight vendors, only General Electric and Kensington responded to Bastille about the vulnerability. GE said customers who own its 98614 wireless keyboard and mouse combination can return it for a refund.

Kensington said its Pro Fit Wireless Desktop Set K72324 will get updated firmware with AES encryption enabled, and asked customers to visit the company's website for a patch.

The vulnerable keyboards use undocumented transceivers from MOSART Semiconductor and Signia Technologies; keyboards from General Electric/Jasco use unknown transceivers, Bastille said.

None of the transceivers in the keyboard support firmware updates and therefore cannot be upgraded to provide encryption.

Wireless input devices have long been a security bugbear: in 2007, Swiss researchers Dreamlab cracked the weak encryption key used in older Microsoft keyboards and were able to intercept keystrokes.

Earlier this year, Bastille analysed wireless mice from Lenovo, HP, and Dell, and found that they could intercept and manipulate the unencrypted radio signals at a distance of 180 metres.

Bastille recommended that users switch to Bluetooth keyboards that transmit signals to the host computer with encryption, or wired input devices, to avoid information interception.