Shocker: wireless keylogging is quite easy

by Evan Blass, posted Dec 3rd 2007 at 9:15AM

Well as usual, with the benefits of wireless technology come detriments in the form of security holes, and now a pair of researchers from Dreamlab have proven just how easy it is to sniff out the transmissions broadcast by RF keyboards. According to their whitepaper, "27MHz keyboard insecurities," Max Moser and Philipp Schrödel claim that keystroke signals sent from Microsoft's Wireless Optical Desktop 1000 and 2000 are encrypted with a simple one-byte offset cipher -- meaning that there are only 256 possible keys, with less than 50 sample strokes needed for decryption. And in case you thought you were safe with a non-Microsoft board, think again: Team Dreamlab is busy hacking Logitech's "Secure Connect" protocol as we speak. [Warning: PDF link]

[Via Hack-A-Day]

Filed under: Peripherals, Wireless

Tags: hacking, input devices, InputDevices, keyboards, microsoft, security, wireless

Relevant Posts

Win a Lexmark X7675 wireless printer and two cartridges (46 days ago - 5741 Comments)
Microsoft's "I'm a PC" ad gently alights upon the airwaves (23 days ago - 471 Comments)
Poll: New iPods vs. new Zunes, what're you buying? (31 days ago - 274 Comments)
Seinfeld and Gates get in touch with regular folks (30 days ago - 260 Comments)
Seinfeld and Gates pair up for intense shoe-fitting session, cryptic advertisement (37 days ago - 265 Comments)

Subscribe to these comments

Reader Comments (Page 1 of 1)

Highly Ranked

Jagannath A @ Dec 3rd 2007 9:27AM

b82b14b46b86b84twwwwwwwwdadaaada ada adadwwwddwdwdwdaddwdz1z3z3z3z3x1x1x1x1x1x1x1x1x1x1wwwwwwwwwwwwwwwwwwwwwwwwwww wwwwwwwwwwwwwww wwwwwwwwwwwwwww adadadadadadadayWTF!!!!11111yhe hax

Highly Ranked

tyler @ Dec 3rd 2007 9:37AM

counter-strike is awesome :)

Low Ranked

thethirdmoose @ Dec 3rd 2007 9:42AM

...confused...

Highest Ranked

Kurian @ Dec 3rd 2007 9:44AM

Now to write a program that processes the sniffed keystrokes and renders a box on screen at the enemies predicted location.

Neutral

nog_lorp @ May 18th 2008 8:32PM

who the hell buys in the order of armor-deagle-rifle? Freak.

Kurian: its already made, its called Counterstrike :D, just pipe the input into another copy of the game. You would have to consider all spawn points though - or just have it draw the path from a random spawnpoint, and it would be obvious how it aligns to hallways.

Neutral

Kurian @ Dec 3rd 2007 9:44AM

And will be VAC Proof.

Highly Ranked

Kurian @ Dec 3rd 2007 11:44AM

GREAT!
Not only do we need to sit in sound proof rooms ( http://www.berkeley.edu/news/media/releases/2005/09/14_key.shtml )

We now need WEP for keyboards.

Highly Ranked

RC @ Dec 3rd 2007 9:46AM

So that's what that dude in the sunglasses was doing, standing 6 feet away from me while I was typing. ....I shouldn't have Googled what I Googled.

Highly Ranked

Jagannath A @ Dec 3rd 2007 1:37PM

google is no different from that dude in sun glasses....

Neutral

Mike @ Dec 3rd 2007 9:52AM

Makes me wonder what kind of encryption my BlueTooth keyboard is using, and who might be reading this right now :)

Neutral

David Clark @ Dec 3rd 2007 10:04AM

Security is dead.

I made the mistake of buying this media center optical keyboard that requires line of sight to a receiving USB IR receiver. Considering that it does good to work decently when its 1 foot away, I'm willing to bet nobody can sniff my typing from 6 feet out of the room.

Neutral

Cycomachead @ Dec 3rd 2007 10:13AM

Does this mean anything for BT keyboards?

Low Ranked

Cycomachead @ Dec 3rd 2007 10:13AM

Does this mean anything for BT keyboards?

Neutral

chedabob @ Dec 3rd 2007 10:17AM

Fat lot of use on those keyboards though: They have a range of like 1 meter.

Neutral

mattclarkie @ Dec 3rd 2007 11:46AM

I have tested the range on my Logitech RF, you would have to be in the room, which means you could just look over my shoulder. If someone was in my house they could do more that log my keystrokes.

Highly Ranked

Spyvie @ Dec 3rd 2007 11:16AM

That's what I was thinking...

The only way you could intercept keystrokes from an IR keyboard is to have an IR sensor in the room or attached to a window pointing into the room... might as well just use a camera looking over someones shoulder.

Neutral

auger282 @ Dec 3rd 2007 11:37AM

well you could always use a yagi directional sniffing antenna

Neutral

Billy Fiul @ Dec 3rd 2007 12:22PM

Thanks for that PDF warning. Had I clicked on it, my computer would have spontaneously combusted.

Neutral

mvp @ Dec 3rd 2007 12:24PM

This only makes me hate my keyboard even more...

Neutral

Reid Conti @ Dec 3rd 2007 12:29PM

I do not think anybody reading this thought that they were safe with a non-MS keyboard :)

Low Ranked

Joe @ Dec 3rd 2007 12:54PM

I am so tired of Microsoft's lack of security.

Neutral

Paul @ Dec 3rd 2007 1:10PM

You see, I had this whole reply typed out when I realized you were just another troll and I decided that it was not really worth my time.

Check out Joe's last few comments: http://www.blogsmith.com/profile/45904/

They are all negative, not a single positive response. I think someone needs to get off the grump couch.

Highly Ranked

John @ Dec 3rd 2007 12:57PM

If you want to sit outside my house in the cold trying to decrypt my typings, you just go right ahead

Neutral

Joe @ Dec 3rd 2007 2:50PM

@ John: Apologies, seems my response to Paul (who responded to my post) ended up under your post.

Neutral

Joe @ Dec 3rd 2007 2:48PM

Evidently, it was worth your time, since you spent some of it to respond and went so far as to locate past posts of mine.

Your response says much more about you than me.

Cheers.

Highly Ranked

cubiclegangsta @ Dec 3rd 2007 1:32PM

HA! U n00bs! This is why i don't use *any* keyboards. evar.

Neutral

finnith @ Dec 3rd 2007 5:31PM

on-screen keyboard ftw?

Neutral

cubiclegangsta @ Dec 3rd 2007 8:24PM

i simply type up nuggets such as this one via sheer will of mind.

j/k. i was mocking trolls.

Low Ranked

sizzle @ Dec 3rd 2007 1:40PM

If you slap yourself in the same spot over and over you'll get cancer in that spot.

Neutral

{MHWW} dM@n @ Dec 3rd 2007 5:57PM

Hey, that's my keyboard/mouse set!

Neutral

jou @ Mar 26th 2008 4:20AM

Shocker: water is wet

Add your comments

Your comments:

Remember me

E-Mail me when someone replies to this comment

Please keep your comments relevant to this blog entry. Email addresses are never displayed, but they are required to confirm your comments.

When you enter your name and email address, you'll be sent a link to confirm your comment, and a password. To leave another comment, just use that password.

To create a live link, simply type the URL (including http://) or email address and we will make it a live link for you. You can put up to 3 URLs in your comments. Line breaks and paragraphs are automatically converted — no need to use <p> or <br /> tags.

BlizzCon, day one Blizzard's Wilson: Some Battle.net features to be 'monetized' The incredibly strange and delightful Fallout 3 launch party	CBS begins adding full length TV shows to YouTube Ubuntu tip: Use Startup Manager to edit your boot menu Nik's Favourite iPhone Apps: Twitterrific
Sprint SmartView for Macs bricks broadband cards Apple Stores welcome kids via Field Trip For us 80s kids: Get a cassette case for your iPod nano	Does Jones Soda have any pop left? I sold Nuance Communications -- here's why McCain stock: Shaw Group (SGR) goes nuclear
Activision calls in the budget Secret Service TGS 08: Street Fighter IV extended trailer Rumor: Mirror's Edge demo releasing Nov. 6th	Build your own 1960 Beetle - with Legos Toyota seriously considering separate Prius brand Spotted in the wild: Porsche Carrera GT in Arkansas
New Star Trek Online screenshots show character options WoW Insider covers World of Warcraft from BlizzCon World of Warcraft-branded PC gaming mouse revealed	Tony Could Be Gonzo to New York if the Rumors Are True Seahawks Fans Might Get First Glimpse of Awesomeness That Is Charlie Frye Chad Pennington Wants to Do More Than Throw Changeups