'KeySniffer' attack allows wireless keyboard eavesdropping
The attack cost less than $100 to carry out and affects at least eight manufacturers.
Bastille researchers spotted a “KeySniffer” vulnerability affecting wireless keyboards from at least eight manufacturers, that could allow an attacker to eavesdrop and record a victim's keystrokes from hundreds of feet away.
The vulnerability is caused by the lack of encryption and researchers said keyboards manufactured by Anker, EagleTec, General Electric, Hewlett-Packard, Insignia, Kensington, Radio Shack and Toshiba, that use unencrypted radio communication are vulnerable to the attack, according to a July 26 press release.
It is possible that other brands and models are affected however, “Bluetooth keyboards and higher-end wireless keyboards from manufacturers including Logitech, Dell, and Lenovo are not susceptible to KeySniffer,” researchers said in the release.
The attack cost less than $100 to carry out and could allow an attacker to steal payment card data, banking information, security question answers, passwords, and any other private information typed on a vulnerable device.
Bastille notified the vendors of the vulnerability but said most, if not all, of the keyboards can't be upgraded and will need to be replaced.
“Quite simply, it was a shock to find that unencrypted wireless keyboards are still being sold in 2016,” Bastille Research Team Member Marc Newlin told SCMagazine.com via emailed comments.
Newlin said it's difficult to speculate the reason why the manufacturers left the communications unencrypted but said cost is likely a factor since Bluetooth requires licensing fees and more expensive radio hardware components.
He wasn't aware of any of the attacks being carried out in the wild but said the passive nature of the attack makes it difficult to detect.
“Unless the malicious actor is caught in the act, or leaves behind a data collection device, there is really no way to know that somebody is eavesdropping on your keystrokes,” Newlin said.
Earlier this year Bastille Researchers uncovered the “MouseJack” vulnerability, affecting non-Bluetooth dongle devices, which could enable an attacker to take over a computer using radio frequency signals.