The Berne, Switzerland,-based IT security firm disclosed last week that its researchers used a radio receiver, soundcard and other technology to break the encryption used in standard wireless keyboards featuring 27 MHz radio technology from more than 30 feet away.
The researchers warned that cybercriminals could use the technique, which Dreamlab did not disclose, to log the keystrokes – and usernames, passwords or bank details – of end users.
Max Moser and Phillipp Schrodel, Dreamlab researchers, successfully hacked transmissions between a PC and a Microsoft Wireless Optical Desktop 1000/2000 keyboard, the firm disclosed last week.
"Wireless communication is only as secure as the encryption technology used," Moser said in a news release. "Due to its nature, it can be tapped with little effort."
Dreamlab said that it notified wireless keyboard manufacturers of the flaw last week.
Tas Giakouminakis, CTO of Rapid7, a vulnerability-management vendor, said Thursday that many companies are unaware of how many wireless keyboards are used by employees.
"This is a critical security issue for many companies. The vulnerability opens the door for hackers to easily access corporate networks and customer data. Because these wireless keyboards are sold through many outlets, companies may not know how many are being used in their networks. Employees may have these wireless keyboards in their homes," he said. "While many organizations are concerned about 802.11 Wi-Fi eavesdropping, there has been very little focus on the risks posed by wireless keyboards. We expect that there will be increased attention to this issue in the coming weeks."Brittany Turner, Microsoft spokeswoman, said today that that Redmond, Wash.-based corporation offers additional security technology for customers.