Wireless keyboards of 8 high-profile manufacturers are vulnerable to attacks leading to undetectable spying!
A wireless keyboard offers portability, so users are not bound to a desk. Recently, however, researchers identified a critical security flaw in some of the most widely used wireless keyboards, made by high-profile IT giants, that poses a huge privacy threat.
Dubbed KeySniffer, the security flaw allows attackers to spy on users and steal their financial and login details. That's not all: no antivirus software or firewall can detect this attack, nor can it be stopped. If you become a victim of KeySniffer, your chats, emails, passwords and private notes; card numbers, expiration dates and CVV codes; bank account usernames and passwords; answers to security questions (name of your first pet, mother's maiden name, etc.); network access passwords; and any secrets, business or personal, typed into a document or email, along with anything else you type, go to the hacker in clear-text form.
The flaw was discovered by security researchers at Bastille, who demonstrated how easy it would be, if the flaw is exploited, for anyone to hack into your system and spy on you while sitting 250 feet away with a $12 radio device.
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack.”
According to Newlin of Bastille, the affected keyboards come from world-renowned computer hardware and software manufacturers, including Anker, EagleTech, General Electric, Hewlett-Packard (HP), Insignia, Kensington, Radio Shack and Toshiba.
“As soon as I had finished the initial reverse engineering process it was immediately clear that these devices were sending all the keystrokes in clear text,” Newlin told ThreatPost.
In February 2016, Newlin also exposed the MouseJack attack, a similar security flaw in low-quality wireless keyboards and mice that allows attackers to inject keystrokes.
An important aspect of this discovery is that the firm asked manufacturers to address the issue within 90 days, but most of the companies failed to respond, as stated in the report. The researchers are gearing up to demonstrate the proof of concept at the upcoming DEF CON hacker conference in two weeks. Affected users should switch to a wired or Bluetooth-enabled keyboard, said Bastille.
I've been playing with wireless keyboards lately, and many of them are unencrypted. More details in my DEF CON talk. https://t.co/BLflGaBBZ8
— Marc Newlin (@marcnewlin) July 26, 2016
If you are using a wireless keyboard from any of the aforementioned manufacturers, switch to a wired or Bluetooth-enabled keyboard as soon as possible!