(old)Puppy Linux Discussion Forum

READ-ONLY Archive
https://oldforum.puppylinux.com/

Concern over wireless keyboards

https://oldforum.puppylinux.com/viewtopic.php?t=107654

Page 1 of 1

Concern over wireless keyboards

Posted: Tue 26 Jul 2016, 16:00
by labbe5
http://www.theatlantic.com/technology/a ... newsletter

http://www.keysniffer.net/

Popular wireless keyboards are not as secure as you might think. A security researcher has found some models don't have encryption. A list of models is provided.

And keysniffer is the tool that helped make the discovery.

Re: Concern over wireless keyboards

Posted: Tue 26 Jul 2016, 16:48
by learnhow2code
labbe5 wrote:Popular wireless keyboards are not as secure as you might think. A security researcher has found some models don't have encryption.
this story comes out every few years. no, wireless keyboards are not secure. i would never type credit card details into one. but probably no one is listening when i do. still, why broadcast credit card details over the radio?

i had an infrared keyboard at one point. but it was ps2-based.

a ps/2 keyboard can be read by anyone that taps into your electrical wiring, puts a meter on it and reads the meter needle with a laser. but thats still more work than it takes to get your wireless keyboard data (sometimes?)

even if you have a secure wireless keyboard (if one exists and you own it) chances are someone will just replace it with a less secure one, because ergonomics, or coffee. or cheaply made keyboards.

for a tablet, wireless is usually the only option.

microsoft makes a "laptop" with a wireless keyboard "built in," doesnt it?

Posted: Tue 26 Jul 2016, 21:39
by bark_bark_bark
Does that mean for banking, you might want to pull out the trusty ol' IBM/Lexmark Model M keyboard? BTW, I would buy one if they weren't so expensive.

Posted: Tue 26 Jul 2016, 22:04
by Burn_IT
And the working range of a wireless keyboard is?
I think it would need to be a pretty persistent hacker to differentiate between the dozen keyboards in my office.
If you lose the receiver for one it is nigh impossible to get a replacement.

Posted: Tue 26 Jul 2016, 22:09
by learnhow2code
bark_bark_bark wrote:Does that mean for banking, you might want to pull out the trusty ol' IBM/Lexmark Model M keyboard? BTW, I would buy one if they weren't so expensive.
it means you should consider using a wired usb keyboard for banking, until you read enough stories about people reprogramming the usb controller to infect your keyboard controller. a "usb condom" wont help in this case, because your keyboard is supposed to transmit data to usb, not just power from it.

but also dont do online banking in a large apartment building with hackers living in it that can listen in over the electrical wiring :)

in short-- do whats reasonable. imo that means no banking over wireless keyboard (including bluetooth.) use wires. or just go to the atm-- but as we know, that has its own caveats.

im happy to use the atm personally, and i would be happy to use a (wired) usb keyboard for online banking, on a gnu/linux distro with an up-to-date browser, up-to-date kernel and dns, and up-to-date version of bash. in the future perhaps usb wont be secure enough, though for now i think its "probably ok." if youre going to use wireless at least avoid the models you know are not secure. what else can you do?
If you lose the receiver for one it is nigh impossible to get a replacement.
most logitech models (keyboard and mouse) can be reprogrammed using a small utility they offer for download, so if you have a 2-year-old logitech wireless keyboard and brand new mouse, you might get the adapter to work for one or the other other both (up to several devices.) its practically less trouble than pairing a bluetooth device.

the range was mentioned in the op. i agree its a minor concern, but i dont get why people are so non-chalant about it. its not great security if people can listen to the radio broadcast of your passwords and credit card info-- and the idea of not being able to distinguish between those broadcasts is pure wishful thinking.

how many keyboards do you type on a the same time? its not like theyre sending steganographic noise to fool people the rest of the time. and the basic support software has no trouble distinguishing between the noise of your mouse and the keys of your keyboard.

Posted: Tue 26 Jul 2016, 22:41
by Burn_IT
Quite honestly I am not going to worry about it - especially at home.
I think a lot of these reports are generated by these security people just to justify their own existence most of the time. I can't imagine a competent thief spending months sitting around my street trying to intercept keyboard presses from my once a month access to my bank.

They would probably find it easier to hack the wireless router or tap the phone cable anyway.

Posted: Tue 26 Jul 2016, 22:44
by learnhow2code
I think a lot of these reports are generated by these security people just to justify their own existence most of the time.
probably true.

Posted: Wed 27 Jul 2016, 01:33
by 8Geee
I dont use BT and thus don't worry about it. But the above is true. BT broadcasts, and can be intercepted. At least in the same room (say <25 ft/8m).
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited