Wireless Keyboard "Encryption" Cracked

squidinkcalligraphy writes "While everyone is going on about wireless network security, it seems few have considered that increasingly common wireless keyboards can be vulnerable to eavesdropping. Particularly when the encryption is pitifully weak. All that's needed is a simple radio receiver, sound card, and a brute-force attack on the 8-bit encryption used. Passwords galore! Bluetooth, it seems, is safe for the moment."

urm

[wwmedia]

wouldn't the hacker have to be you know, under your nose quite literally, to intercept the signals from your keyboard?

Under my desk

[courteaudotbiz]

Hey, I already got problems using my wireless keyboard 5 feet away from its receiver, so the guy trying to spy on me would have to be pretty close, no?

Gimme a break

[DNS-and-BIND]

OK, instead of broadcasting in the clear, the keyboard gets a little encryption algorithm to prevent anyone from listening in. Some blowhard then takes it upon himself to crack the gradeschool encryption, and trumpets it far and wide as a "security breach". Durrrr...

Anyone concerned about security doesn't use a wireless keyboard....Durrrr

Re:Why a soundcard !

[WombatDeath]

I doubt they need output, but perhaps the function of the sound card is to capture the input from the radio receiver.

Re:urm

[tacet]

not really. the antenna is the best receiver, so hacker equipped with yagi antenna can intercept signals from reasonable distance. /excuse my english

Re:Gimme a break

[scrantaj]

Sadly the unwashed masses on the internet are not concerned about security because they don't understand it. These are the people who fall for phishing mails, don't keep their AV up to date or blindly click ok on every dialog box that pops up on their system ( a response re-inforced by Vista's insistance on user interaction to do anything ). Expecting these people to use a wired keyboard to improve their security is pointless. They use wireless keyboards because they are "cool" or so that they don't have to mess around with all those untidy cables.

Re:Under my desk

[chuckymonkey]

Easy there, just because someone reads slashdot does not mean that they have ever been interested understanding radio waves. It was a legitimate question and deserves a legitimate answer. That's called improving the discussion and educating along the way. For all you know this guy could be a master of accounting and if you asked a (to him) basic question about accounting and he responded like you did I don't think that you would be very appreciative. Yes, I see your low UID and I also don't care rude is rude.

Re:Shocked

[fmobus]

I might (and wantto) be wrong, but all "non-interactive" bluetooth devices I've seen use the same factory-set password, namely "0000". Can anyone explain me why this isn't exploitable?

No encryption mybe?

[Maavin]

Could be that the "encryption" is just a way to handle multiple keyboards in one reception range...

Re:Wireless keyboards have encryption?

[HouseArrest420]

Even if the intuitive guess would be that a wired keyboard might be safer, this is not necesarry the case; the unshileded wire used on most keyboards acts an an antenna

QFT

You're the first response I've read here that has been anti wired (or at least nuetral to both) and for a legit reason!! The rest of these fanboys are shouting about wireless sucks beause its unencrypted, forgetting this small detail which would allow you to "hack" into a wired keyboard at a larger distance.....given of course you have a decent line of site lol.

For ANY security measure, or lack there of, there is ALWAYS a way in. The only issue in gaining access is where you look and how hard you've looked.

Re:I'll never trust those things

[Pascoea]

I was waiting for someone to make the comment about a tinfoil hat, you guys took too long so I have to do it myself.
a wireless keyboard really doesn't provide enough of an improvement over a wired one to justify the security implications from using it.

Come on! There aren't people beating down your doors to find out your password for slashdot! And there are far easier ways to get your financial information. Take the old adage about outrunning a bear, you don't have to run faster then the bear, you just have to run faster then 1 other person. If you go out of your way to make sure your financial information is well protected, shredding your mail, paying attention to where your credit card is used online, chances are you are not going to get your information stolen. Its the dumb person next door that is going to loose his.

If you work in a business environment where you share private information, I think the 10-foot range you get with a STANDARD wireless mouse and keyboard is the least of your problems. What is more likely? That you have a rouge agent in your office that is going to get their keyboard hacked? Or that the dolt sitting behind that computer is going to download that latest and greatest toolbar for IE?

Call me an optimist, but everybody is not out to get you.

While I agree with you, there are a lot of instances where a wireless keyboard/mouse is overkill. It gets annoying having someone call me in to their office first thing in the morning because they can't log into their computer, only to find they haven't replaced their batteries in 6 months.

I do believe there are many instances where they are useful. Just remember, that even though your employees aren't always the smartest people in the world, they are still more productive whey they are happy. If all I have to "risk" is using a wireless keyboard to accomplish that, then I have had a good day. my 2c -Adam

Re:Why a soundcard !

[Fordiman]

"Why not just let him continue in his ignorance?"

Well, because the less you share information with the apparently ignorant, the more ignorant society at large is.

If I ask a question, even if it's a dumb one, I desire an answer. As such, I respond to questions I have the answers to. Be the change you want to see in the world, and all.

Re:urm

[rycamor]

In our development dept., one guy used a wireless Logitech keyboard to set up his test FreeBSD box, then left the box on for the next couple days without checking (he did log out, though). Next time we looked at it, the screen was covered with login passwords, chat discussions, company memos, etc... We fairly freaked for a minute, then after a bit of quick reconnaissance, discovered that the company's sales director was also using the same keyboard in an office 3 rooms over. So somehow not only did these two keyboards happen to have the same encryption key, but the signal went through 3 walls and 30 ft of space to reach our console. We stopped using wireless anything after that.