Security researcher Marc Newlin, of Bastille Networks, has revealed a security hole in a number of wireless keyboards and mice. They dubbed the hacking tool “KeySniffer“. The vulnerability can allow a hacker to eavesdrop on everything being entered from confidential text to passwords or financial information.
A similar hack was developed last year by @SamyKamkar for intercepting certain Microsoft keyboards.
Marc Newlin found vulnerabilities in the following manufacturers keyboards (there may be vulnerabilities in other products, these are just the ones tested at Bastille):
- Anker
- EagleTec
- General Electric
- Hewlett-Packard
- Insignia
- Kensington
- Radio Shack
- Toshiba
Some of these manufacturers have already issued software updates to fix the security holes. Marc’s page has links and more details for these products here: https://www.keysniffer.net/affected-devices
Marc Newlin explains the Keysniffer vulnerability.
The keyboards with this vulnerability use 2.4 GHz radio transmission. Although the 2.4 GHz frequency band is also used for Wifi and Bluetooth, these devices use neither of those protocols.
For protection against such attacks, Marc recommends switching to a wired keyboard or bluetooth which has a higher level of security.
For more information see:
KeySniffer.net
Bastille.net