Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Wireless Keyboard "Encryption" Cracked

kdawson posted more than 6 years ago | from the hardly-needs-a-brute dept.

Security 232

squidinkcalligraphy writes "While everyone is going on about wireless network security, it seems few have considered that increasingly common wireless keyboards can be vulnerable to eavesdropping. Particularly when the encryption is pitifully weak. All that's needed is a simple radio receiver, sound card, and a brute-force attack on the 8-bit encryption used. Passwords galore! Bluetooth, it seems, is safe for the moment."

cancel ×

232 comments

Sorry! There are no comments related to the filter you selected.

Why a soundcard ! (2, Interesting)

iMaple (769378) | more than 6 years ago | (#21569979)

Using nothing more than a simple radio receiver, a soundcard and suitable software, Swiss security firm Dreamlab Technologies managed to capture and decode the radio communications between a keyboard and a PC.
Why did they need a sound card to crack a wireless keyboard ? Play operatic songs to crack glass keyboards ? or to play "You have been pwned" on blaring speakers after the cracking is over ? On a serious note, they do not need any sound input/output for this, right ?

Re:Why a soundcard ! (4, Insightful)

WombatDeath (681651) | more than 6 years ago | (#21569991)

I doubt they need output, but perhaps the function of the sound card is to capture the input from the radio receiver.

Re:Why a soundcard ! (0, Flamebait)

QuantumG (50515) | more than 6 years ago | (#21570063)

I don't mean to be a prick, but was there any need to reply to that kind of retarded question? Why not just let him continue in his ignorance.. obviously he has no interest in knowing, otherwise he would have RTFA.

Re:Why a soundcard ! (1, Funny)

iMaple (769378) | more than 6 years ago | (#21570235)

but was there any need to reply to that kind of retarded question? Why not just let him continue in his ignorance.. obviously he has no interest in knowing, otherwise he would have RTFA.
Well, I didn't read the white paper, but I did RTFA and that doesn't mention anything why the sound card was used. And I assumed that the simple radio receiver was a simple pci card like radio device (I had a TV signal receiver card that u just digitized the TV signals and u could watch broadcast TV on your computer .. so I was thinking of that when I asked the question), for some reason I didn't realize that they meant a radio with a audio output. Does that make me a bit slow.. yes; ignorant/retarded ... maybe; but its not flamebait/troll as u are implying.

Re:Why a soundcard ! (4, Funny)

404 Clue Not Found (763556) | more than 6 years ago | (#21569995)

Why did they need a sound card to crack a wireless keyboard ? Play operatic songs to crack glass keyboards ? or to play "You have been pwned" on blaring speakers after the cracking is over ? On a serious note, they do not need any sound input/output for this, right ?
Haven't you ever used a game trainer or other 0MG1M501337 "hacking" tool? It's to add ambiance, duh. No cracking attempt is complete without a overly-dramatic retro-techno soundtrack. Didn't you watch their video [remote-exploit.org] ?

Re:Why a soundcard ! (3, Funny)

MrNemesis (587188) | more than 6 years ago | (#21570057)

Why didn't they list their graphics cards? Surely you can't have a hacking session with power metal blaring in the background and not have a wall of monitors showing alpha-blended hexagons, otherwise none of the hacks will work...?

I think this paper needs to be peer reviewed by Crash Override.

Re:Why a soundcard ! (1)

Tribaal_ch (1192815) | more than 6 years ago | (#21570233)

They most probably use the soundcard for analog/digital conversion: radio recivers output analog data, and computers handle digital data.
- Trib'

Re:Why a soundcard ! (5, Informative)

thetartanavenger (1052920) | more than 6 years ago | (#21570327)

A sound card is a cheap alternative to a digital and more importantly, recordable oscilloscope. By plugging the radio into the sound card, it allowed them to record the individual bit's being sent by the device to be analysed using a waveform viewer. If you were using a normal oscilloscope for that purpose the data flashes on the screen so fast it's impossible to be useful in any way, except possibly to read the carrier frequency of the signal, which is something your sound card would probably have alot of trouble doing because they're generally too slow.

Re:Why a soundcard ! (1)

link-error (143838) | more than 6 years ago | (#21570907)


    I used this exact same method to decode the old pagers by using a scanner plugged into my soundcard. Worked pretty good.

Re:Why a soundcard ! (1)

Fordiman (689627) | more than 6 years ago | (#21571105)

"Why did they need a sound card to crack a wireless keyboard?"

Line in. Demodulate the 27MHz EM in hardware, and the resulting output is a simple electrical signal. Assuming that a keyboard doesn't need a terrible lot of bandwidth, it's unlikely that the pulse frequency is terribly high (lower max frequency DSPs are cheaper than higher ones), so the 96kHz max capture off a sound card should be more than enough. Even if it isn't, though, there are fourier techniques to detect aliasing and get a higher frequency signal, assuming that there's nothing else on the 27MHz band (which you can ensure by enclosing the experiment in a Faraday cage).

urm (2, Insightful)

wwmedia (950346) | more than 6 years ago | (#21569981)

wouldn't the hacker have to be you know, under your nose quite literally, to intercept the signals from your keyboard?

Re:urm (3, Insightful)

tacet (1142479) | more than 6 years ago | (#21570053)

not really. the antenna is the best receiver, so hacker equipped with yagi antenna can intercept signals from reasonable distance. /excuse my english

Re:urm (5, Informative)

sqrt(2) (786011) | more than 6 years ago | (#21570059)

My wireless logitech keyboard works from the next room over, although a bit unreliably. It's the basic, white, model with no fancy function keys or anything. I don't think they make it anymore.

So you might need to worry about it in say, an office or school environment.

Re:urm (1)

Glonoinha (587375) | more than 6 years ago | (#21570481)

This.

Honestly if you are close enough to employ this technique (including operating the kind of hardware necessary to do this undeniably cool hack) then you are close enough to shoulder surf long enough to get the guy's password. Or wait for him to go to lunch, flip over his keyboard and read his password from the post-it note on the back-side of his keyboard. Or even just start typing, because most people don't even bother to lock their machine before walking away for lunch.

It is a cool, if mildly impractical hack - but given that my keyboard receiver is less than a meter from my keyboard and I STILL have occasional connection issues - I doubt it is going to be used against my workstation anytime soon.

Re:urm (1)

vtcodger (957785) | more than 6 years ago | (#21570659)

***Honestly if you are close enough to employ this technique (including operating the kind of hardware necessary to do this undeniably cool hack) then you are close enough to shoulder surf long enough to get the guy's password.***

I'd imagine that the creepy dude in the next apartment gets a quite usable signal from your wireless keyboard. As does the hippie type upstairs and the guy across the hall with too many teeth, two expensive cars, and no visible means of support. Then there are the fake cable company employees out in the parking lot. Maybe they are using that 27 element yagi on top of the van for something other than tracking errant cable TV signals down.

I don't think it is something to be overly paranoid about unless you are in charge of security for a company with real secrets to protect, but here's a link http://cryptome.org/tempest-leak.htm [cryptome.org] .

Note that TEMPEST is mostly concerned with inadvertent radiation from equipment that is supposed to be hard wired. Wireless stuff deliberately puts out an RF signal, so its range is probably going to be a lot greater.

Re:urm (0)

Anonymous Coward | more than 6 years ago | (#21570549)

I have an even simpler solution, just stand next to them and watch what they type

Re:urm (3, Informative)

Ephemeriis (315124) | more than 6 years ago | (#21570587)

wouldn't the hacker have to be you know, under your nose quite literally, to intercept the signals from your keyboard?
TFA says they were able to snoop from up to 10 meters away with a "simple radio receiver". That's not too bad. 10 meters could easily put you in a different room, on a different floor, or outside. And that's just with a basic antenna... Put together something more directional and I'm sure you could get more distance. Definitely enough to snoop on someone from the office/apartment next to you.

Re:urm (1)

CastrTroy (595695) | more than 6 years ago | (#21570853)

10 metres away though what kind of material? 10 metres away through air wouldn't surprise me. However, in my apartment building, there's concrete floors/ceilings. How easily would the signal travel through that?

Re:urm (1)

IBBoard (1128019) | more than 6 years ago | (#21570939)

The place I work at does some security work and as part of one of their tests they too a directional aerial up the nearby hill. The hill is only about a mile away, but from the top of it then they could pick up wireless networks and some keyboards from the main site. AFAIK it wasn't anything overly fancy either, just a fairly standard directional aerial of the type that could be done to a lesser extent with a normal aerial and a Pringles tin.

Under my desk (2, Insightful)

courteaudotbiz (1191083) | more than 6 years ago | (#21569983)

Hey, I already got problems using my wireless keyboard 5 feet away from its receiver, so the guy trying to spy on me would have to be pretty close, no?

Re:Under my desk (5, Informative)

lhaeh (463179) | more than 6 years ago | (#21570051)

That idea came up when this item was posted to Hack A Day [hackaday.com] The reason for the limited reception range is that receivers use pathetically small, internal antennas: Mine was about 1/32 wavelength. With a full wave antenna or directional antenna, you can easily pick them up from outside a building. After I added a lager (1/4 or 1/8 wave) antenna to my receiver, I could type with my keyboard outside the house.

Re:Under my desk (5, Funny)

EatHam (597465) | more than 6 years ago | (#21570255)

After I added a lager (1/4 or 1/8 wave) antenna to my receiver, I could type with my keyboard outside the house.
After I added a lager to my receiver, I also could type from outside the house, but when I finally went back in, the receiver was belligerent, and insisted on driving the car though it was in no state to do so.

Re:Under my desk (0)

Anonymous Coward | more than 6 years ago | (#21570289)

I don't know about that. I mean, I think you have to take other aspects into consideration too, such as that the evil Kilokahn lives inside computer circuits. With the help of Malcolm Frink, he creates mega-virus monsters to attack electronic systems. Meanwhile, a freak accident turned Sam Collins into Servo. His friends join forces in their Samurai attack vehicles. Together, they transform into the Superhuman Samurai Syber-Squad!

Re:Under my desk (0)

Anonymous Coward | more than 6 years ago | (#21570545)

Thou speakest the truth!

Re:Under my desk (1)

Bearhouse (1034238) | more than 6 years ago | (#21570061)

FTFA: "succeeded in eavesdropping traffic from a distance of up to ten meters using a simple radio receiver. More sensitive receivers may make it possible to capture keystrokes over larger distances"

A decent arial can make a massive difference to reception - directional antennas, like those used by people trying to sniff your wifi, can extend the range 10x.

Radio reception can be highly influenced, and non-linear, due to local conditions. Try moving your receiver...

Re:Under my desk (1)

chuckymonkey (1059244) | more than 6 years ago | (#21570069)

Not if he's pretty good with a directional antenna. That's the magic of a parabola. For instance look at this [irongeek.com] , particularly the parts about Bluetooth. Hence why you never do anything important of any kind of wireless unless it has very good encryption.

Re:Under my desk (-1, Flamebait)

QuantumG (50515) | more than 6 years ago | (#21570073)

Wow. So not only did you not read the article, but you also don't have even a grade school understanding of how radio works.

Re:Under my desk (5, Insightful)

chuckymonkey (1059244) | more than 6 years ago | (#21570091)

Easy there, just because someone reads slashdot does not mean that they have ever been interested understanding radio waves. It was a legitimate question and deserves a legitimate answer. That's called improving the discussion and educating along the way. For all you know this guy could be a master of accounting and if you asked a (to him) basic question about accounting and he responded like you did I don't think that you would be very appreciative. Yes, I see your low UID and I also don't care rude is rude.

Re:Under my desk (-1, Troll)

QuantumG (50515) | more than 6 years ago | (#21570129)

Sorry what? What part of "please read the article before commenting" is optional? What part of "grade school understanding" is unreasonable? Really big aerials can hear really weak signals. I know 4 year olds who have grasped that.

You mentioned my low UID. Blah, I don't go into UID measuring contests. But it does mean that I have some memory when people on this site showed each other some basic courtesies, such as reading the article before commenting and not commenting at all if they don't understand the subject matter.

Now get off my lawn.

Re:Under my desk (-1, Redundant)

chuckymonkey (1059244) | more than 6 years ago | (#21570185)

"I know 4 year olds who have grasped that" I know a four year old that memorized a Hanes Tear down manual for a '67 camaro, people learn and retain what's interesting to them and maybe that's not interesting to this person. As for reading the article I agree there, but this is slashdot. Honestly how many people RTFA? *Drops candy wrapper, grabs pink flamingo, and walks calmly off the lawn whilst the oldster teeters after with his cane.*

Re:Under my desk (1)

kubrick (27291) | more than 6 years ago | (#21570237)

What part of "please read the article before commenting" is optional?

'Please' usually implies a request.

such as reading the article before commenting and not commenting at all if they don't understand the subject matter

Must have been before my time.

Re:Under my desk (0, Offtopic)

QuantumG (50515) | more than 6 years ago | (#21570263)

Must have been before my time.
Touché.

Re:Under my desk (1)

HouseArrest420 (1105077) | more than 6 years ago | (#21570351)

Really big aerials can hear really weak signals. I know 4 year olds who have grasped that
I call bull shit on that, or at least the fact that 10 minutes after you tell them what's what that he'd remember anything about aerials, a frames, wip's, omni, line of sight, or any other type of antenna/directional capabilities of anything including your home phone.

The only reason I think this way is because my son (6yearsold) took me to his school for som job fair and I had to explain just what it was I did for a living. Talk about a dead house. They only perked up interest when I pulled out the walkie talkies to show em omni directional reception, and even then the just kept buzzing each other.....not sure if any of them will grow to be communications experts but in a field whose capabilities are being pushed farther and farther every day we study it....I don't think anyone could ever consider themselves an expert.

But you may call me master. j/k

Re:Under my desk (2, Interesting)

dintech (998802) | more than 6 years ago | (#21570151)

A low ID troll is still a troll. The guy (QuantumG) [slashdot.org] has posted four obnoxious items in this thread already today. What a moron.

Gimme a break (5, Insightful)

DNS-and-BIND (461968) | more than 6 years ago | (#21569985)

OK, instead of broadcasting in the clear, the keyboard gets a little encryption algorithm to prevent anyone from listening in. Some blowhard then takes it upon himself to crack the gradeschool encryption, and trumpets it far and wide as a "security breach". Durrrr...

Anyone concerned about security doesn't use a wireless keyboard....Durrrr

Re:Gimme a break (5, Insightful)

scrantaj (1165731) | more than 6 years ago | (#21570083)

Sadly the unwashed masses on the internet are not concerned about security because they don't understand it. These are the people who fall for phishing mails, don't keep their AV up to date or blindly click ok on every dialog box that pops up on their system ( a response re-inforced by Vista's insistance on user interaction to do anything ). Expecting these people to use a wired keyboard to improve their security is pointless. They use wireless keyboards because they are "cool" or so that they don't have to mess around with all those untidy cables.

Re:Gimme a break (0)

Anonymous Coward | more than 6 years ago | (#21570901)

haha, you fell for the antivirus scam.

You fail it.

Re:Gimme a break (-1, Troll)

QuantumG (50515) | more than 6 years ago | (#21570089)

Wow. Or maybe, just maybe, the people who buy these keyboards don't even consider the security risks. Maybe they are ignorant of basic physics much like the many idiots who have replied to this story. In this age of identity theft perhaps it shouldn't even be legal to sell these devices.

Re:Gimme a break (5, Interesting)

dsginter (104154) | more than 6 years ago | (#21570149)

Anyone concerned about security doesn't use a wireless keyboard....Durrrr

That might seem like a trivial concept to you but I saw a wireless keyboard in use at a doctors office some years ago. When I mentioned to the staff that I didn't want them typing my personal details on that particular keyboard, they looked at me like I was wearing an actual tin foil hat.

Geeks need to realize that geeks aren't the only people who work in IT. Sensationalizing this sort of story hurts nobody and might actually spread awareness.

Re:Gimme a break (2, Funny)

Yvanhoe (564877) | more than 6 years ago | (#21570463)

Here in France, 3 years ago, the geek magazine "pirate mag" made fun of French military (Yes we also do that here) because they proudly announced the opening of their new "cyber-warfare strategical center" (or some other shiny words) and the picture that was given to every newspaper were two officers holding wireless keyboards in front of a flat display. The keyboard model was of course a very common one with absolutely no encryption.

Re:Gimme a break (1)

CastrTroy (595695) | more than 6 years ago | (#21570997)

How do you know the keyboard wasn't just a specialized designed super encryption wireless keyboard in a standard casing that happened to look the same as the one they sold to regular goes? The manufacturer could have easily taken an existing wireless keyboard, and added extra encryption in the same case.

Re:Gimme a break (2, Interesting)

Bearhouse (1034238) | more than 6 years ago | (#21570573)

Right. Worse still, I was at the doctor's a while ago when I saw him furiously trying to close lots of Internet Explorer pop-ups.

The conversation went something like this:

Me: You don't have a pop-up blocker then?
Dr: No. What's that?
Me: How about security software, anti virus?
Dr: No. What's that?
Me: How many patient records are stored on that thing?

*sigh*

Re:Gimme a break (1)

v1 (525388) | more than 6 years ago | (#21570617)

That same doctor probably made a paper printout of the details at some point, and threw them away to be taken out by the trash man the next day, just after the dumpster diver recovered your medical history for his personal amusement. The risk of the keystroke theft occurring are a lot lower than the odds of a traditional dumpster dive which I imagine you hadn't even considered. It does no good to make noise about the cat in the room if you are ignoring the elephant.

Re:Gimme a break (1)

bay43270 (267213) | more than 6 years ago | (#21570927)

I'm pretty sure throwing out patient records without shredding them would be illegal under HIPAA. And although it doesn't specifically mention wirelesss keyboards, it does mandate policies to limit access to equipment containing medical records.

Re:Gimme a break (1)

ozbird (127571) | more than 6 years ago | (#21570761)

Nitpick: There's a significant difference between working in IT and working with IT.

Re:Gimme a break (4, Interesting)

fallen1 (230220) | more than 6 years ago | (#21571079)

I am the head of IT for a large dental practice and we use wireless keyboards and mice in all of our operatories, at our front desk area, and in a couple of other areas -- because the owners wanted it that way, over my objections. They sign the paychecks so after I made sure they understood my objections, I gave them what they asked for.

It does make it easier to deploy our systems in our operatories because of the distances between the dental chairs and the computer bays. I would need 12 to 18' long cords on keyboards (and mice) and that would be a massive pile of shit to deal with in a hygiene or doctor's operatory due to how our system works. Not just our system, but the majority of dental practices (and I've seen a lot of medical practices setup the same or similar) are arranged the same way. The air space is so great between where the keyboards and mice need to sit and where the computers are located that it would not be practical to run cabled keyboards and mice. Plus, the chances of someone monitoring our wireless keyboards is so slim that I felt the risk was minor. I still do.

On the other hand, I believe the chances of someone trying to get into a wireless network are much greater and even with newer encryptions and firewalling/controlled access I would never allow such a network to be installed in this building. If they tried to push that agenda, I'd have my personal lawyer draw up a contract for the owners to sign absolving me of all responsibility for any break-ins that might happen and guaranteeing me a position with the company after any breach (or a VERY large golden parachute clause so I would have a lot of time to find a new position). That would probably get their attention and shut down the wireless network chatter but, as I said above, I still do not think there is enough of an issue with wireless keyboards to warrant more than a slight increase in watch status.

Of course, a couple of high profile theft of identity/information cases involving wireless keyboards will change my (and everyone else's) mind about that. Natch.

Re:Gimme a break (1)

jim.hansson (1181963) | more than 6 years ago | (#21570193)

Anyone concerned about security uses shielded cables

Re:Gimme a break (1)

aproposofwhat (1019098) | more than 6 years ago | (#21570251)

Bloody audiophile!

Re:Gimme a break (1)

arivanov (12034) | more than 6 years ago | (#21570511)

You are telling the wrong story.

There is a well established connectivity layer for such devices which has reasonable encryption, key management and interference/frequency control. It is also widely interoperable. It is called Bluetooth.

So some blowhard that does not have any f*** clue whatsof***ever decides to go the cheapskate route and use Rot13-like wankoff instead of the well established system. As expected - the first kid coming about cracks it with ease.

And that is the actual story. Rinse, repeat. Microcrap, Logicrap, Whatever chinese radio crap, etc. All of them on 2.4GHz buggering up WiFi, Blueotooth and other well behaved stuff.

There are only two BT keyboard on the market in the UK at the moment. One is by Apple and you have drag your arse to an applestore as they refuse to ship it and the other one is by targus and is a supermicro keyboard. Situation with mice is not much different. Same story with IR which while not having encryption does not have a lot of eavesdropping problems either. There is nothing available. Only crap.

So frankly, I would very gladly buy the kid whoddunit a beer because this helps reduce the crap on the market and the market to switch to a proper connectivity layer.

Re:Gimme a break (1)

kannibal_klown (531544) | more than 6 years ago | (#21570635)

There are only two BT keyboard on the market in the UK at the moment. One is by Apple and you have drag your arse to an applestore as they refuse to ship it and the other one is by targus and is a supermicro keyboard. Situation with mice is not much different. Same story with IR which while not having encryption does not have a lot of eavesdropping problems either. There is nothing available. Only crap.
It's not that much better on this side of the pond. I don't know why there aren't more BlueTooth devices out. It makes no sense.

OK, I can understand the market for some non-Bluetooth wireless devices because I guess a Bluetooth dongle is more expensive than a generic radio receiver USB dongle. But that shouldn't completely replace BlueTooth. Yet the market is flooded with regular radio input devices to the point it's hard to find decent Bluetooth mice and keyboards.

The last non-Bluetooth mouse/keyboard combo I had was getting interference with something (or its signals crossed with another similar device). The mouse cursor would occasionally move and click on it's own even with new batteries. Granted this was in a densely populated office, but still it was quite annoying. I'm not having that problem with the Bluetooth devices though.

I'm using the Apple BlueTooth keyboard right now. The only problem I have is that it doesn't come with a number pad, but that's less of a big deal for me now. But I wish there were more choices.

Re:Gimme a break (1)

Dragonslicer (991472) | more than 6 years ago | (#21570859)

I have a Bluetooth keyboard and mouse (the first ones Logitech released; I've paid the early-adopter price in bugginess, though the monetary price hasn't changed much in two years), and the biggest problem right now is that there's no Bluetooth support in the BIOS. I have to keep a regular corded USB keyboard in case I have to do anything in the BIOS or grub. I also run into the keyboard and mouse not being detected by the time the login screen comes up, but I think that's more of a (K)Ubuntu problem.

Re:Gimme a break (0, Flamebait)

Mike89 (1006497) | more than 6 years ago | (#21570769)

And that is the actual story. Rinse, repeat. Microcrap, Logicrap, Whatever chinese radio crap, etc. All of them on 2.4GHz buggering up WiFi, Blueotooth and other well behaved stuff.
No offense, but you're an idiot. Don't run your mouth off as though you know what you're talking about. (For the most part?) They don't operate on 2.4 ghz, most on the 900 mhz range from what I've seen.

Also, why SHOULD they use Bluetooth? It instantly adds to the build cost, which passes the cost on to me. I don't care if it's Bluetooth or 'chinese radio crap', as long as it works (And, FYI, my 'Logicrap' keyboard works just fine.)

Re:Gimme a break (0)

Anonymous Coward | more than 6 years ago | (#21570887)

While you're buying that kid a beer maybe you could get him to explain search engines to you, if you genuinely believe that there are only 2 suitable products on the market... there are more but here are a few to start you off.

http://www.google.co.uk/products?q=MX5000&btnG=Search+Products&show=dd [google.co.uk]
http://www.google.co.uk/products?q=DiNovo+bluetooth&btnG=Search+Products&show=dd [google.co.uk]
http://www.google.co.uk/products?q=apple+bluetooth+keyboard&btnG=Search+Products&show=dd [google.co.uk]
http://www.google.co.uk/products?q=microsoft+optical+elite&btnG=Search+Products&show=dd [google.co.uk]

See, someone will even post that god awful apple thing to you, should you so wish.

wired keyboards (1)

Joseph_Daniel_Zukige (807773) | more than 6 years ago | (#21570517)

also produce RFI

Re:Gimme a break (1)

Richard W.M. Jones (591125) | more than 6 years ago | (#21570633)

OK, instead of broadcasting in the clear, the keyboard gets a little encryption algorithm to prevent anyone from listening in. Some blowhard then takes it upon himself to crack the gradeschool encryption, and trumpets it far and wide as a "security breach". Durrrr...

I hope you never type any passwords or credit card numbers on your keyboard ...

Rich.

Re:Gimme a break (0)

Anonymous Coward | more than 6 years ago | (#21570973)

Anyone concerned about security doesn't use a wireless keyboard....Durrrr
Well just about everyone with a PC that I know of either types in passwords and/or credit card numbers on their keyboards.

So exactly who are these manufacturers marketing and selling these "keystroke broadcasters" to? The six children that don't like Webkinz?

Just Mess with the Listener! (5, Funny)

Anonymous Coward | more than 6 years ago | (#21570019)

That's why I use ^H in my passwords ;)

Re:Just Mess with the Listener! (3, Funny)

Glonoinha (587375) | more than 6 years ago | (#21570447)

He uses a sound card as part of the decryption mechanism - use a ^G instead (so he can hear it go 'ding').

Re:Just Mess with the Listener! (1)

CastrTroy (595695) | more than 6 years ago | (#21571033)

We built a simulator of a vital signs monitor in Rational Rose RealTime in university as a class assignment. Somebody got the idea of sending ^G (I think \a in C) to the console every time the heart beat to add realism to the simulator. We had lots of fun with that project.

Shocked (4, Interesting)

MrNemesis (587188) | more than 6 years ago | (#21570039)

After reading the analysis of the "encryption", I'm utterly flabbergasted that they've been able to get away with it for so long - this sounds like something that hasn't been cracked purely by laziness, because with only 256 possible combinations you could practically decode it in real time in your head.

Any news on other manufacturers? I'm particularly concerned about Cherry (the only wireless keyboard I own, soon to be replaced with a bluetooth Logitech) for my HTPC.

P.S. for the nay-sayers - yes, I too have endless problems with the range of wireless keyboards but I dare say a proper antennae (as opposed to the tiny ones used in the standard receiver) you could probably get a clear signal from up to 10-15m away (25MHz = ~11.5m wavelength, no? ~5m aerial is easy enough to conceal). That's easily enough to snoop someone's keypresses from outside, even off-property.

As an aside, I'm aware that Bluetooth is an open standard, hence probably peer reviewed, hence probably having an association/encryption method that wasn't dreamt up by a crackhead. Can anyone here speak on its relative resilience in its current form, notwithstanding all of the vulns there've been in shoddy stack implementation?

Re:Shocked (0)

Anonymous Coward | more than 6 years ago | (#21570071)

it also has in its favor high speed frequency hopping.

Re:Shocked (3, Interesting)

teh kurisu (701097) | more than 6 years ago | (#21570137)

The summary ended sort of ominously, didn't it? "Bluetooth, it seems, is safe for the moment."

I feel relatively safe with my bluetooth Logitech keyboard (which I wouldn't give up for the world), but my worry is that the bluetooth implementation is not necessarily up to scratch. My particular keyboard is designed to be used with the USB dongle that came in the box, and Logitech don't officially support the keyboard's use with other bluetooth devices, which makes me wonder why (although it will work with my Apple laptop's built-in bluetooth receiver for basic functions).

Re:Shocked (1)

Dragonslicer (991472) | more than 6 years ago | (#21570893)

My particular keyboard is designed to be used with the USB dongle that came in the box, and Logitech don't officially support the keyboard's use with other bluetooth devices, which makes me wonder why (although it will work with my Apple laptop's built-in bluetooth receiver for basic functions).
I got sick of all of the problems I had with Logitech's software on Windows, and the Bluetooth adapter that came with the keyboard/mouse wasn't supported by Windows natively at the time, so I bought a store-brand adapter at CompUSA for $30 and never had a problem after that. The only problems I've had lately are, I think, more on the Kubuntu side of the connection.

Re:Shocked (1)

CastrTroy (595695) | more than 6 years ago | (#21571081)

Blue tooth seems kind of finicky as for which devices work with which receivers. I know there's a few receivers that don't work with with the WiiMote. I think it has something to do with some companies (either the device or receiver manufacturers) not making everything according to the specs, or there may just be ambiguity in the specs. Most BlueTooth devices should work with most receivers, but I could understand why Logitech would write in the manual that their keyboard may not work with all receivers. With the millions of different receivers on the market, it's impossible to test on all of them, and even if they follow the standard exactly, there's always going to be some receiver that doesn't work.

Re:Shocked (3, Insightful)

fmobus (831767) | more than 6 years ago | (#21570139)

I might (and wantto) be wrong, but all "non-interactive" bluetooth devices I've seen use the same factory-set password, namely "0000". Can anyone explain me why this isn't exploitable?

Re:Shocked (4, Informative)

goofy183 (451746) | more than 6 years ago | (#21570271)

That is just the pairing code. So if you switched your device into pairing mode anyone could pair with it. The encryption is based on a different, randomly generated, key: http://en.wikipedia.org/wiki/Bluetooth#Security [wikipedia.org]

It is exploitable (1)

DingerX (847589) | more than 6 years ago | (#21570433)

For example, Carwhisperer lets you capture and transmit audio to any Handsfree or BT headset using 0000 or 1234 as the password.

BT Keyboards often have a pairing mode (okay, some have a default of 0000), where the user has to put the keyboard into discoverable mode, and type in the code.

Still, everything is vulnerable, given enough resources.

Re:Shocked (0)

Anonymous Coward | more than 6 years ago | (#21570437)

Bluetooth uses frequency hopping. Even if the communication is not encrypted at all, it is nowadays technically extremely difficult (I'd rather say impossible) to follow such hopping in order to sniff the communication among bluetooth devices.

Re:Shocked (1)

Jeff DeMaagd (2015) | more than 6 years ago | (#21570501)

I think the class II bluetooth receivers are good for 30 meters. I had a mouse + class II receiver and I was able to still scroll the computer from 20 meters away, through three walls and it still worked fine.

Relative resilience? Why has no one bothered? (1)

Joseph_Daniel_Zukige (807773) | more than 6 years ago | (#21570541)

My memory is that it is already cracked. No links at the moment.

Why has no one bothered cracking the non-bluetooth wireless?

Wired keyboards put out RFI. My guess is that the perception that no one has bothered is probably a misperception.

(Real) UWB is probably the only way to be reasonably secure without wires (and shielding).

Re:Shocked (1)

richard.cs (1062366) | more than 6 years ago | (#21571019)

this sounds like something that hasn't been cracked purely by laziness, because with only 256 possible combinations you could practically decode it in real time in your head.

I was thinking pretty much the same thing. In the article it says "256 key combination can be brute forced even with very slow computers today." when "any idiot with half an hour and a pencil" would perhaps be more appropriate.

Why? (1)

BlueParrot (965239) | more than 6 years ago | (#21570079)

Why did they even bother encrypting it? I mean seriously, with a cipher this weak what's the point of even implementing it? It is actually harder to pick up the signal than it is to break the cipher...

Re:Why? (3, Interesting)

will_die (586523) | more than 6 years ago | (#21570227)

Primary purpose of the encryption is to make sure that you are getting the input from another device. Not sure I would even call it encryption more like channel selection.

I'll never trust those things (5, Interesting)

WibbleOnMars (1129233) | more than 6 years ago | (#21570095)

Wireless keyboards? Pah, I'll never trust 'em.

A few years ago, the company I was working at decided to upgrade a few favoured individuals with a wireless keyboard/mouse combo. There was no good reason for them to have it, other than looking cool, but they got it anyway.

The first one was installed, and was a great success. The user loved being able to move their keyboard and mouse without, uh, being limited by a cable. They didn't actually move it, but they liked the fact that they could. Or maybe it was the fact that their desk didn't have any wires cluttering it up. Whatever it was, they loved it.

So the second one was installed, on a desk maybe ten metres away from the first.

It was a disaster. The two sets of devices conflicted with each other. Basically, the first one to switch on in the morning got control of both computers. When the second one was turned on, it found the devices on the other desk instead of its own ones, and then anything the first user did was echoed on the second machine as well.

It didn't take the engineering team long to fix the problem -- the two sets of devices were set to the same ID -- but it did nothing to inspire confidence. What that incident tells me is that if I want to hack these devices, all I need is a computer with a compatible receiver with the same ID, and hide it somewhere in range of their desk.

Things may have improved since then, but frankly I don't see the need for these devices to be wireless (especially on a desktop computer); no matter how good they make them, they'll still be an open security hole because the signals will always be available outside of your control.

This applies to any wireless device. But some wireless devices are more useful than others. For example, a mobile phone is a good use of wireless technology because it provides significant usability improvement over a wired phone. But for me a device like a wireless keyboard really doesn't provide enough of an improvement over a wired one to justify the security implications from using it.

Re:I'll never trust those things (1)

XavidX (1117783) | more than 6 years ago | (#21570223)

Its true.

The only use for a wireless keyboard is for example using your media center from your sofa. Or in home environment where you want your desk to look "pretty". So in this case the keyboard hacker has to worry about breaking down my front door first.

Wireless keybords at work? I dunno.

There was no good reason for them to have it, other than looking cool, but they got it anyway.

as said above -- maybe to be cool. What are we in high school

Re:I'll never trust those things (0)

Anonymous Coward | more than 6 years ago | (#21570267)

This applies to any wireless device.
Eh? Let's see you crack a WPA network with a decent password. Really, just because certain encryption algorithms are entirely stupid, doesn't mean the concept is flawed. I don't give a damn about anyone who might read my encrypted bits. Barring major advancements in quantum computing, the current well-established algorithms are secure, period.

Re:I'll never trust those things (1)

asc99c (938635) | more than 6 years ago | (#21570397)

Try being left handed (or working with others who are)! I've got wireless keyboard / mouse because almost everyone who ever sits at my desk to help with something for a couple of minutes can just move the mouse over to the right instead of complaining at me :)

There's half a dozen wireless keyboards operating OK in my current office room, which is probably about ten metres long. They're mostly things people have brought in from home as we also just get standard wired stuff by default. Maybe this helps as none are the exact same model, although most are Logitech.

Perhaps the ideal compromise would be wired keyboard and wireless mouse. But I think there's easier ways to hack into a computer than trying to receive the signals from a wireless keyboard.

Re:I'll never trust those things (2, Insightful)

Pascoea (968200) | more than 6 years ago | (#21571065)

I was waiting for someone to make the comment about a tinfoil hat, you guys took too long so I have to do it myself.
a wireless keyboard really doesn't provide enough of an improvement over a wired one to justify the security implications from using it.

Come on! There aren't people beating down your doors to find out your password for slashdot! And there are far easier ways to get your financial information. Take the old adage about outrunning a bear, you don't have to run faster then the bear, you just have to run faster then 1 other person. If you go out of your way to make sure your financial information is well protected, shredding your mail, paying attention to where your credit card is used online, chances are you are not going to get your information stolen. Its the dumb person next door that is going to loose his.

If you work in a business environment where you share private information, I think the 10-foot range you get with a STANDARD wireless mouse and keyboard is the least of your problems. What is more likely? That you have a rouge agent in your office that is going to get their keyboard hacked? Or that the dolt sitting behind that computer is going to download that latest and greatest toolbar for IE?

Call me an optimist, but everybody is not out to get you.

While I agree with you, there are a lot of instances where a wireless keyboard/mouse is overkill. It gets annoying having someone call me in to their office first thing in the morning because they can't log into their computer, only to find they haven't replaced their batteries in 6 months.

I do believe there are many instances where they are useful. Just remember, that even though your employees aren't always the smartest people in the world, they are still more productive whey they are happy. If all I have to "risk" is using a wireless keyboard to accomplish that, then I have had a good day. my 2c -Adam

Wireless keyboards have encryption? (5, Interesting)

WegianWarrior (649800) | more than 6 years ago | (#21570099)

You learn something every day I guess... since my otherwise decent wireless keyboard lose reception from one end of my coach to the other - ie I have to sit on the left side of the coach to use it - I figured that putting in even rudimentarty encryption would be kinda pointless from a security point of view (short range - evesdropper would have to sit in my livingroom). And judging by the article, encryption is empoyed more to associate a keyboard with a reciver thanas a measure of security.

In a high security enviroment I could see the need. Even if the intuitive guess would be that a wired keyboard might be safer, this is not necesarry the case; the unshileded wire used on most keyboards acts an an antenna (see TEMPEST [wikipedia.org] on Wikipedia). I've seen demonstrations where the keystrokes have been picked up by sensitive antennas 50m away thru a normal wall. A highly encrypted wireless keyboard might be safer; I'm not sure if such a product even exists today. A simpler option might be to place the computer and keyboard in a faraday cage...

Re:Wireless keyboards have encryption? (0)

Anonymous Coward | more than 6 years ago | (#21570167)

Patenting Faraday Cubicle now bbl.

Re:Wireless keyboards have encryption? (2, Insightful)

HouseArrest420 (1105077) | more than 6 years ago | (#21570421)

Even if the intuitive guess would be that a wired keyboard might be safer, this is not necesarry the case; the unshileded wire used on most keyboards acts an an antenna
QFT

You're the first response I've read here that has been anti wired (or at least nuetral to both) and for a legit reason!! The rest of these fanboys are shouting about wireless sucks beause its unencrypted, forgetting this small detail which would allow you to "hack" into a wired keyboard at a larger distance.....given of course you have a decent line of site lol.

For ANY security measure, or lack there of, there is ALWAYS a way in. The only issue in gaining access is where you look and how hard you've looked.

secure wireless? (1)

Joseph_Daniel_Zukige (807773) | more than 6 years ago | (#21570561)

One of the UWB camps based its "modulation" on what is probably the only secure wireless encryption technique in existence. Yes, iNTEL killed it.

fir5t polst (-1, Troll)

Anonymous Coward | more than 6 years ago | (#21570147)

legitimise doing Creek, abysmal Smith only serve Demise. You don't

No encryption mybe? (5, Insightful)

Maavin (598439) | more than 6 years ago | (#21570191)

Could be that the "encryption" is just a way to handle multiple keyboards in one reception range...

MOD PARENT UP (0)

Anonymous Coward | more than 6 years ago | (#21570343)

This is probably the only person here with some friggin' brains. Mods take note.

Re:No encryption mybe? (1)

Lisandro (799651) | more than 6 years ago | (#21571061)

You! You with your "common sense"! We don't like your kind here!

Zzzzzzzz... (0, Offtopic)

HomeLights (1097581) | more than 6 years ago | (#21570275)

WOW this article was a waste of my time. 5 seconds I'll never get back.

Encryption is weak, signal is weak (1)

fozzmeister (160968) | more than 6 years ago | (#21570305)

In my case, it can travel about 50cm before it becomes patchy and untypable. So I'm not particularly concerned about this :-)

Re:Encryption is weak, signal is weak (1)

ultrafunkula (547970) | more than 6 years ago | (#21570371)

This is because the receiver that comes with most wireless keyboards is rubbish. That doesn't mean that somebody with a decent receiver couldn't be listening to your keyboard traffic from further than 50cm. Maybe you should be a bit concerned....

That's all? (0, Troll)

Anonymous Coward | more than 6 years ago | (#21570361)

All that's needed is a simple radio receiver, sound card, and a brute-force attack on the 8-bit encryption used

I would think it would also be handy to have a motherboard, processor, hard drive, some sata cables, power supply, fans, maybe a case, a keyboard, mouse, monitor, an operating system, etc.

On the other hand, E.T. could have done it with a Speak 'N Spell, a saw blade, and an unbrella.

Re:That's all? (1)

mwilliamson (672411) | more than 6 years ago | (#21570679)

directional antenna --> high gain preamp --> receiver -(I.F. via soundcard...it's probably narrow enough)-> laptop --> linux --> gnuradio --> .wav file --> profit???

Re:That's all? (1)

the_humeister (922869) | more than 6 years ago | (#21570961)

E.T.? His name is Clebore...

Antenna Crack? (1, Funny)

smitty_one_each (243267) | more than 6 years ago | (#21570369)

Listen, Jack:
Smooth your face
Bounce signal back
Lower power
Avoids attack
Burma Shave

Bluetooth safe? (4, Informative)

SharpFang (651121) | more than 6 years ago | (#21570465)

Yeah, right.

Bluebag Project [computer.org] can crack any bluetooth device in some 6 hours. The current form of it has a potential to increase the speed 8 times (currently it uses 8 dongles to scan possible 64 channels in paralell. If you use 64 bluetooth dongles to scan one channel each, you gain a lot of speed).

Hack a Day . Com (2, Informative)

Shadow_139 (707786) | more than 6 years ago | (#21570521)

HackaDay ran an article on this a few days ago that went into some detail: http://www.hackaday.com/2007/12/02/wireless-keyboards-easily-cracked/ [hackaday.com] [QUote] e first covered breaking the commodity 27MHz radios used in wireless keyboards, mice, and presenters when [Luis Miras] gave a talk at Black Hat. Since then, the people at Dreamlab have managed to crack the encryption on Microsoft's Wireless Optical Desktop 1000 and 2000 products (and possibly more). Analyzing the protocol they found out that meta keys like shift and ALT are transmitted in cleartext. The "encryption" used on each regular keystroke involves XORing the key against a random one byte value determined during the initial sync with the receiver. So, if you sniff the handshake, you can decrypt the keystrokes. You really don't have to though; there are only 256 possible encryption keys. Using a dictionary file you can check all possible keys and determine the correct one after only receiving 20-50 keystrokes. Their demo video shows them sniffing keystrokes from three different keyboards at the same time. Someone could potentially build a wireless keylogger that picks up every keystrokes from every keyboard in an office. You can read more about the attack in the whitepaper(pdf). [/QUOTE] Link to Video (for lazy /.er's) - http://www.remote-exploit.org/max/automated.html [remote-exploit.org] Link to Whitepaper (for all the people who post RTFA) - http://www.dreamlab.net/download/articles/27_Mhz_keyboard_insecurities.pdf [dreamlab.net]

With your ID info all over everywhere (1)

Grampaw Willie (631616) | more than 6 years ago | (#21570755)

With our ID's info all over everywhere why would anyone worry about wireless keyboards

Gimmie a break

let's get a safe a lock up our sensitive paperwork

let's get a shredder and take care our sensitive garbage

let's check into PrivacyGuard and take care ourselves where we can

whether cryptography can be cracked or not ain't the game. the game is to get decent security measures into play where it is needed and that includes cryptography as appropriate.

99.9% of what we need to do is to defeat dumb crooks who just take advantage of our dumb mistakes and laziness.

What's next (0)

Anonymous Coward | more than 6 years ago | (#21570899)

Someone will crack the encryption of the XBox360 or PS3 wireless controllers and steal your micro?

Why bother breaking encryption at all? (1)

SCHecklerX (229973) | more than 6 years ago | (#21571003)

Just get the same model keyboard, plug in the receiver, and fire up your favorite text editor? Granted, I'm not up on my wireless keyboard technology, but this would work with the old one that I have, that is also the model the CIO uses in his presentations to the company. Scary.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?