Wireless Keyboard "Encryption" Cracked

squidinkcalligraphy writes "While everyone is going on about wireless network security, it seems few have considered that increasingly common wireless keyboards can be vulnerable to eavesdropping. Particularly when the encryption is pitifully weak. All that's needed is a simple radio receiver, sound card, and a brute-force attack on the 8-bit encryption used. Passwords galore! Bluetooth, it seems, is safe for the moment."

Why a soundcard !

[iMaple]

Using nothing more than a simple radio receiver, a soundcard and suitable software, Swiss security firm Dreamlab Technologies managed to capture and decode the radio communications between a keyboard and a PC.

Why did they need a sound card to crack a wireless keyboard ? Play operatic songs to crack glass keyboards ? or to play "You have been pwned" on blaring speakers after the cracking is over ? On a serious note, they do not need any sound input/output for this, right ?

Shocked

[MrNemesis]

After reading the analysis of the "encryption", I'm utterly flabbergasted that they've been able to get away with it for so long - this sounds like something that hasn't been cracked purely by laziness, because with only 256 possible combinations you could practically decode it in real time in your head.

Any news on other manufacturers? I'm particularly concerned about Cherry (the only wireless keyboard I own, soon to be replaced with a bluetooth Logitech) for my HTPC.

P.S. for the nay-sayers - yes, I too have endless problems with the range of wireless keyboards but I dare say a proper antennae (as opposed to the tiny ones used in the standard receiver) you could probably get a clear signal from up to 10-15m away (25MHz = ~11.5m wavelength, no? ~5m aerial is easy enough to conceal). That's easily enough to snoop someone's keypresses from outside, even off-property.

As an aside, I'm aware that Bluetooth is an open standard, hence probably peer reviewed, hence probably having an association/encryption method that wasn't dreamt up by a crackhead. Can anyone here speak on its relative resilience in its current form, notwithstanding all of the vulns there've been in shoddy stack implementation?

I'll never trust those things

[WibbleOnMars]

Wireless keyboards? Pah, I'll never trust 'em.

A few years ago, the company I was working at decided to upgrade a few favoured individuals with a wireless keyboard/mouse combo. There was no good reason for them to have it, other than looking cool, but they got it anyway.

The first one was installed, and was a great success. The user loved being able to move their keyboard and mouse without, uh, being limited by a cable. They didn't actually move it, but they liked the fact that they could. Or maybe it was the fact that their desk didn't have any wires cluttering it up. Whatever it was, they loved it.

So the second one was installed, on a desk maybe ten metres away from the first.

It was a disaster. The two sets of devices conflicted with each other. Basically, the first one to switch on in the morning got control of both computers. When the second one was turned on, it found the devices on the other desk instead of its own ones, and then anything the first user did was echoed on the second machine as well.

It didn't take the engineering team long to fix the problem -- the two sets of devices were set to the same ID -- but it did nothing to inspire confidence. What that incident tells me is that if I want to hack these devices, all I need is a computer with a compatible receiver with the same ID, and hide it somewhere in range of their desk.

Things may have improved since then, but frankly I don't see the need for these devices to be wireless (especially on a desktop computer); no matter how good they make them, they'll still be an open security hole because the signals will always be available outside of your control.

This applies to any wireless device. But some wireless devices are more useful than others. For example, a mobile phone is a good use of wireless technology because it provides significant usability improvement over a wired phone. But for me a device like a wireless keyboard really doesn't provide enough of an improvement over a wired one to justify the security implications from using it.

Wireless keyboards have encryption?

[WegianWarrior]

You learn something every day I guess... since my otherwise decent wireless keyboard lose reception from one end of my coach to the other - ie I have to sit on the left side of the coach to use it - I figured that putting in even rudimentarty encryption would be kinda pointless from a security point of view (short range - evesdropper would have to sit in my livingroom). And judging by the article, encryption is empoyed more to associate a keyboard with a reciver thanas a measure of security.

In a high security enviroment I could see the need. Even if the intuitive guess would be that a wired keyboard might be safer, this is not necesarry the case; the unshileded wire used on most keyboards acts an an antenna (see TEMPEST [wikipedia.org] on Wikipedia). I've seen demonstrations where the keystrokes have been picked up by sensitive antennas 50m away thru a normal wall. A highly encrypted wireless keyboard might be safer; I'm not sure if such a product even exists today. A simpler option might be to place the computer and keyboard in a faraday cage...

Re:Shocked

[teh kurisu]

The summary ended sort of ominously, didn't it? "Bluetooth, it seems, is safe for the moment."

I feel relatively safe with my bluetooth Logitech keyboard (which I wouldn't give up for the world), but my worry is that the bluetooth implementation is not necessarily up to scratch. My particular keyboard is designed to be used with the USB dongle that came in the box, and Logitech don't officially support the keyboard's use with other bluetooth devices, which makes me wonder why (although it will work with my Apple laptop's built-in bluetooth receiver for basic functions).

Re:Gimme a break

[dsginter]

Anyone concerned about security doesn't use a wireless keyboard....Durrrr

That might seem like a trivial concept to you but I saw a wireless keyboard in use at a doctors office some years ago. When I mentioned to the staff that I didn't want them typing my personal details on that particular keyboard, they looked at me like I was wearing an actual tin foil hat.

Geeks need to realize that geeks aren't the only people who work in IT. Sensationalizing this sort of story hurts nobody and might actually spread awareness.

Re:Under my desk

[dintech]

A low ID troll is still a troll. The guy (QuantumG) [slashdot.org] has posted four obnoxious items in this thread already today. What a moron.

Re:Why?

[will_die]

Primary purpose of the encryption is to make sure that you are getting the input from another device. Not sure I would even call it encryption more like channel selection.

Re:Gimme a break

[Bearhouse]

Right. Worse still, I was at the doctor's a while ago when I saw him furiously trying to close lots of Internet Explorer pop-ups.

The conversation went something like this:

Me: You don't have a pop-up blocker then?
Dr: No. What's that?
Me: How about security software, anti virus?
Dr: No. What's that?
Me: How many patient records are stored on that thing?

*sigh*

Re:Gimme a break

[fallen1]

I am the head of IT for a large dental practice and we use wireless keyboards and mice in all of our operatories, at our front desk area, and in a couple of other areas -- because the owners wanted it that way, over my objections. They sign the paychecks so after I made sure they understood my objections, I gave them what they asked for.

It does make it easier to deploy our systems in our operatories because of the distances between the dental chairs and the computer bays. I would need 12 to 18' long cords on keyboards (and mice) and that would be a massive pile of shit to deal with in a hygiene or doctor's operatory due to how our system works. Not just our system, but the majority of dental practices (and I've seen a lot of medical practices setup the same or similar) are arranged the same way. The air space is so great between where the keyboards and mice need to sit and where the computers are located that it would not be practical to run cabled keyboards and mice. Plus, the chances of someone monitoring our wireless keyboards is so slim that I felt the risk was minor. I still do.

On the other hand, I believe the chances of someone trying to get into a wireless network are much greater and even with newer encryptions and firewalling/controlled access I would never allow such a network to be installed in this building. If they tried to push that agenda, I'd have my personal lawyer draw up a contract for the owners to sign absolving me of all responsibility for any break-ins that might happen and guaranteeing me a position with the company after any breach (or a VERY large golden parachute clause so I would have a lot of time to find a new position). That would probably get their attention and shut down the wireless network chatter but, as I said above, I still do not think there is enough of an issue with wireless keyboards to warrant more than a slight increase in watch status.

Of course, a couple of high profile theft of identity/information cases involving wireless keyboards will change my (and everyone else's) mind about that. Natch.

Re:urm

[thestuckmud]

TFA mentioned the keyboards operate on 27MHz. That's a wavelength of over 11 meters. At about half a wavelength wide, a yagi will not be small.

Others suggested dish antennas. For 27Mhz, no way.

Re:Under my desk

[Alsee]

eh, you probably just bought yours.

Wouldn't much matter. Someone who would actually go out and purchase for a low ID for nothing more than the sake of the number warrants comparable Geek Cred as someone who just happened to stumble across Slashdot early enough to snag a low ID. Both methods are Geek-significant in their own way, and both methods are absolutely meaningless in their own way. It's a wash.

-