Concern over wireless keyboards

For discussions about security.
Post Reply
Message
Author
labbe5
Posts: 2159
Joined: Wed 13 Nov 2013, 14:26
Location: Canada

Concern over wireless keyboards

#1 Post by labbe5 »

http://www.theatlantic.com/technology/a ... newsletter

http://www.keysniffer.net/

Popular wireless keyboards are not as secure as you might think. A security researcher has found some models don't have encryption. A list of models is provided.

And keysniffer is the tool that helped make the discovery.
Top
learnhow2code

Re: Concern over wireless keyboards

#2 Post by learnhow2code »

labbe5 wrote:Popular wireless keyboards are not as secure as you might think. A security researcher has found some models don't have encryption.
this story comes out every few years. no, wireless keyboards are not secure. i would never type credit card details into one. but probably no one is listening when i do. still, why broadcast credit card details over the radio?

i had an infrared keyboard at one point. but it was ps2-based.

a ps/2 keyboard can be read by anyone that taps into your electrical wiring, puts a meter on it and reads the meter needle with a laser. but thats still more work than it takes to get your wireless keyboard data (sometimes?)

even if you have a secure wireless keyboard (if one exists and you own it) chances are someone will just replace it with a less secure one, because ergonomics, or coffee. or cheaply made keyboards.

for a tablet, wireless is usually the only option.

microsoft makes a "laptop" with a wireless keyboard "built in," doesnt it?
Top
bark_bark_bark
Posts: 1885
Joined: Tue 05 Jun 2012, 12:17
Location: Wisconsin USA

#3 Post by bark_bark_bark »

Does that mean for banking, you might want to pull out the trusty ol' IBM/Lexmark Model M keyboard? BTW, I would buy one if they weren't so expensive.
....
Top
User avatar
Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#4 Post by Burn_IT »

And the working range of a wireless keyboard is?
I think it would need to be a pretty persistent hacker to differentiate between the dozen keyboards in my office.
If you lose the receiver for one it is nigh impossible to get a replacement.
"Just think of it as leaving early to avoid the rush" - T Pratchett
Top
learnhow2code

#5 Post by learnhow2code »

bark_bark_bark wrote:Does that mean for banking, you might want to pull out the trusty ol' IBM/Lexmark Model M keyboard? BTW, I would buy one if they weren't so expensive.
it means you should consider using a wired usb keyboard for banking, until you read enough stories about people reprogramming the usb controller to infect your keyboard controller. a "usb condom" wont help in this case, because your keyboard is supposed to transmit data to usb, not just power from it.

but also dont do online banking in a large apartment building with hackers living in it that can listen in over the electrical wiring :)

in short-- do whats reasonable. imo that means no banking over wireless keyboard (including bluetooth.) use wires. or just go to the atm-- but as we know, that has its own caveats.

im happy to use the atm personally, and i would be happy to use a (wired) usb keyboard for online banking, on a gnu/linux distro with an up-to-date browser, up-to-date kernel and dns, and up-to-date version of bash. in the future perhaps usb wont be secure enough, though for now i think its "probably ok." if youre going to use wireless at least avoid the models you know are not secure. what else can you do?
If you lose the receiver for one it is nigh impossible to get a replacement.
most logitech models (keyboard and mouse) can be reprogrammed using a small utility they offer for download, so if you have a 2-year-old logitech wireless keyboard and brand new mouse, you might get the adapter to work for one or the other other both (up to several devices.) its practically less trouble than pairing a bluetooth device.

the range was mentioned in the op. i agree its a minor concern, but i dont get why people are so non-chalant about it. its not great security if people can listen to the radio broadcast of your passwords and credit card info-- and the idea of not being able to distinguish between those broadcasts is pure wishful thinking.

how many keyboards do you type on a the same time? its not like theyre sending steganographic noise to fool people the rest of the time. and the basic support software has no trouble distinguishing between the noise of your mouse and the keys of your keyboard.
Top
User avatar
Burn_IT
Posts: 3650
Joined: Sat 12 Aug 2006, 19:25
Location: Tamworth UK

#6 Post by Burn_IT »

Quite honestly I am not going to worry about it - especially at home.
I think a lot of these reports are generated by these security people just to justify their own existence most of the time. I can't imagine a competent thief spending months sitting around my street trying to intercept keyboard presses from my once a month access to my bank.

They would probably find it easier to hack the wireless router or tap the phone cable anyway.
"Just think of it as leaving early to avoid the rush" - T Pratchett
Top
learnhow2code

#7 Post by learnhow2code »

I think a lot of these reports are generated by these security people just to justify their own existence most of the time.
probably true.
Top
User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#8 Post by 8Geee »

I dont use BT and thus don't worry about it. But the above is true. BT broadcasts, and can be intercepted. At least in the same room (say <25 ft/8m).
Linux user #498913 "Some people need to reimagine their thinking."
"Zuckerberg: a large city inhabited by mentally challenged people."
Top
Post Reply

Return to “Security”