- Jun 9, 2013
- 6,720
Bastille Networks researcher Marc Newlin has discovered a set of security vulnerabilities in low-cost wireless keyboards that could be exploited to collect all passwords, security questions, sensitive personal, bank account and payment card info users input through them.
The problem with the vulnerable keyboards is that they don’t encrypt the keystroke data before they transmit it wirelessly to the USB dongle, and that’s because their manufacturers opted to use unencrypted radio communication protocols.
“Wireless keyboards commonly communicate using proprietary protocols operating in the 2.4GHz ISM band. In contrast to Bluetooth, there is no industry standard to follow, leaving each vendor to implement their own security scheme,” Newlin explained how the problem arose.
Aside from eavesdropping on the victim’s keystrokes, an attacker can also inject malicious keystroke commands into the victim’s computer, allowing him to perform actions like installing malware or exfiltrating data.
Full Article. Low-cost wireless keyboards open to keystroke sniffing and injection attacks - Help Net Security
The problem with the vulnerable keyboards is that they don’t encrypt the keystroke data before they transmit it wirelessly to the USB dongle, and that’s because their manufacturers opted to use unencrypted radio communication protocols.
“Wireless keyboards commonly communicate using proprietary protocols operating in the 2.4GHz ISM band. In contrast to Bluetooth, there is no industry standard to follow, leaving each vendor to implement their own security scheme,” Newlin explained how the problem arose.
Aside from eavesdropping on the victim’s keystrokes, an attacker can also inject malicious keystroke commands into the victim’s computer, allowing him to perform actions like installing malware or exfiltrating data.
Full Article. Low-cost wireless keyboards open to keystroke sniffing and injection attacks - Help Net Security
