Beware the Haunted Cordless keyboard

dr. greenthumb writes "The norwegian newspaper Aftenposten reports about an incident where a computer suddenly seemed to develop a life of its own. A game which the user could not remember using that day suddenly appeared on the screen. When he went over to shut it off the screen displayed a message asking him if he "really wanted to delete this file?" His computer was receiving keystrokes from another computer (with the same type of wireless keyboard) 150 metres away! Check out the full story and a follow-up, where experts warns against using wireless keyboards." /me plans to destroy Hemos' sanity...

Re:This is only the beginning

[Tensor]

Bluetooth is a close-range wireless protocol (about 10mts), and products are "bound" to each other, if you re using a wireless headset and walk close to some one using one they wont mix signals.
I would be much more worried to someone "stealing" my emails/contacts from my bluetooth pda, using my cellphone to dial out, and eavesdropping on my conversations, than messing up presentations

Not as bad as the haunted mouse...

[telstar]

Today's mice are well known to spiral the cursor in a circular motion around your screen at a high rate of speed, clicking the screen randomly when their internal circuitry begins to fry.

I've witnessed it twice ... once at a colleague's desk, and another time during an application demo.
It's great fun to explain that the problem is the mouse and not your app to a room full of speculative non-technical people.

Re:This is just funny...

[aridhol]

In theory, yes. How many combinations of frequency and code are there? My uncle used to work in a Ford factory, and every car that rolled off the assembly line together used the same key. It's possible that they keyboards have a similar problem.

Re:see why...

[Anonymous Coward]

Wireless mice arent much of a security hazard. if anyone is able to listen in on your wireless mouse, all they are going to get is cursor cordinates. unless you somehow enter your password using your mouse, theres not much usefull info to gain from a wireless mouse. It will also be very hard for someone else to do something to your pc though a cordless mouse, unless they can also see the screen. I cant stand corded mice anymore after owning a wireless mouse. Whenever i use corded mice in labs at school, or friends houses, i always find myself tugging on cords that get tangled up with something on or behind the desk or keyboard drawer. I however will never own a wireless keyboard. I had thought of security issues such as this long before this article appeared.

I'm using a Wireless keyboard

[JabberWokky]

I've been using a wireless keyboard anpined mouse for ages and I've haHey baby, I miss you!d no problems siWanna get together tonight?nce I got them.

Seriously, though. I've been using Logitech cordless desktops for years - I've had four in my apartment in close proximity with no problem, and used several at work as well. If a mouse or keyboard syncs with a base unit, it syncs to *that* unit. You can sync multiple devices to a base unit, but I have never seen a device sync to multiple base units. A nice little thing about Logitech's system is that they are all compatable - I like the simple diamond mouse and a keyboard without extra multimedia buttons, and detest the ergonomic "crashing wave" mouse. I can pick and choose my keyboard and mouse, walk over to a computer, hit the sync button and start using it at that terminal. The only problem I've ever had was when the living room computer was next to the multimedia computer and you sometimes synced to the wrong one... so you'd check before typing willy-nilly. :)

Wireless keyboards and mouses are great - I swear by them. I change batteries maybe once every 4 to 6 months, and don't ever have to worry about cables. At home I type in my lap, and can have my phone right against the top of my mousepad, my monitor to the left, and a glass of tea to the right and not worry about the cord catching the phone cord or knocking over the tea.

Now, I *would* like an encrypted signal, sure... but gimmie a break... who the hell cares to capture a few hours of my posting to Slashdot and writing rough drafts of lyrics? Certainly not *my* neighbors. Still, I ssh to my servers, and it would be really nice to have a secure connection to my keyboard. If I was really paranoid, I'd stick my monitors in a Faraday cage to prevent the video signal from being broadcast... everybody is sending *that* out (where everybody = really close to 100% of all computers).

--
Evan

Re:Not quite as fun as VNC

[gad_zuki!]

When I had pcAnywhere installed on my old machine it was pretty simple to fire it up on the old @home network and suddenly finding myself on a password-less PC. I also ran notepad but wrote, "Put a damn password on your pcAnywhere!"

That's the nice thing about the open VNC apps, you can't run them without some password and if you try to brute force it (at least in tightVNC) it locks you out for x amount of time. Not to mention its free. Yes, I know there's no built in encryption, but that's besides the point.

These things _have_ encryption

[geddes]

I just picked up a Logitech Cordless Access Keyboard a week ago, and I am incredibly happy with it. The convenience of being able to sit in my bad and control divx movies in mplayer is great :-)

I live in a dorm situation, so it is very possible kids who are nearbye will interfere/send keystrokes/recieve keystrokes from my computer. However, Logitech promises Cordless freedom through multi-channel digital radio technology with secure encryption [logitech.com].

Loitech assures us that the kind of stuff mentioned in the article cannot happen [logitech.com]:

To avoid the chance of interference between cordless products, every Logitech cordless product integrates a 12-bit security ID, which allows the receiver to uniquely identify the emitter (i.e., the cordless device, itself) that it is listening to. The 12-bit ID provides 4096 unique combinations of digits, lowering the risk of interference to less than 0.25%. Additionally, in some Logitech cordless keyboards and mice, multi-channel RF technology allows the channel to be changed in the event of a conflict.

To further minimize the impact of the already uncommon conflict or interference, some Logitech cordless keyboards now include secure encryption that protects the security of the data being typed on and transmitted by the keyboard.

But I can't find any more details about this technology. So some logitech keyboard have encryption, some don't. I wonder how easy it is to add encryption to these thigns without latency. I don't want to press "a" and wait 2 seconds while the signal decrpyts for the a to appear on my screen. I wonder how simple or complex the encryption is on my cordless access keyboard. Is it a simple XOR like the AIM passwords or is it real encryption? I don't know. But frankly, I am not worried.

Bottom Line: zero encryption with 12-but ID codes is good enough for me. If someone really wanted to get at my credit card numbers, they would probobly come into my unlocked room and find my wallet with my credit card in it instead of building a device to pick up the radio signals from my keyboard. Logitech claims a .25% chance of interference, and as long as my keyboard work, that is also good enough for me.

Re:This is just funny...

[DavidTC]

People think you're kidding, but you're not. My brother's Toyota was 'stolen' by someone who got in the wrong locked car one night and drove it across campus. (Toyotas have one key for the door and ignition.) Same color, same year, same model...same key. In the light of day, they both reported their cars missing.

Of course, almost any car can be unlocked by a slim jim anyway, so it's not worth worrying about. If you want your car to not be stolen, you need either to disable it (What I do.), or put a lowjack in it.

It's usually not that hard to kept your car from running. If someone tries to steal my car, they'll find the ignition can be hotwired like normal, but for some odd reason it won't shift out of park...and no, I won't tell you why that is.

Logitech

[Natchswing]

Speaking of logitech, I just bought the elite duo wireless mouse and keyboard. The keybaord has you go through some sort of securing process where it transmits a code to the keyboard then shows the code on the screen and asks me to enter it.

Now, I really have no clue whether this is just for show of if it actually does something. Does anyone know?

Alternatives?

[phorm]

How about a wide-spectrum IR-type keyboard. You'd have to align the transmitter and receiver, but at least the signal wouldn't be escaping the confines of your house/apartment/etc.

Also, how about security wireless mice? There's no password-sniffing risk, but I guess somebody could move the cursor around on your PC and delete files etc... not quite as bad as keybpard access though.

Can anyone give any info on available IR mice/keyboards? Most checks in search engines seem to just links about mice using IR for movement detection, not transmission

I've had a not so dissimilar experience

[Anonymous Coward]

When I was young I was given a pair of toy walkie talkies. Of course, I was able to pick up the neighbour's cordless phone coversation while being 100 metres away from their house.

Needless to say, I don't trust cordless devices - they just aren't secure enough. Even if you encrypt the signals, they're still broadcasts in-effect - someone can record the information and break the encryption a decade later.