Wireless Keylogger Masquerades as USB Phone Charger
msm1267 writes: Hardware hacker and security researcher Samy Kamkar has released a slick new device that masquerades as a typical USB wall charger but in fact houses a keylogger capable of recording keystrokes from nearby wireless keyboards. The device is known as KeySweeper, and Kamkar has released the source code and instructions for building one of your own. The components are inexpensive and easily available, and include an Arduino microcontroller, the charger itself, and a handful of other bits. When it's plugged into a wall socket, the KeySweeper will connect to a nearby Microsoft wireless keyboard and passively sniff, decrypt and record all of the keystrokes and send them back to the operator over the Web.
And this is good why? (Score:4, Insightful)
Re: (Score:2)
Re:And this is good why? (Score:5, Funny)
What if you want to sniff your own keyboard?
When I do this I just end up snorting cookie and chip crumbs.
Re: (Score:2)
What if you want to sniff your own keyboard?
I can only imagine you'd want to do this to see what your wife/kids/cat was using it for.
Re: (Score:2)
That does sort of raise the question of if you can sniff it, can you replay it?
If so, with a few keyboard shortcuts and control tans, you could have your neighbor sending penis to every email address he knows.
Re:And this is good why? (Score:5, Insightful)
Re: (Score:2)
Don't buy cheap keyboards and mice and use Bluetooth.
Problem solved.
Re: (Score:2, Informative)
Re: (Score:3)
"the claim that this can work against all Microsoft Wireless Keyboards is 100% BS, and has been since 2007, when the issue was first uncovered; covered in depth by Schneier, and remedied in all versions of the Microsoft Wireless Keyboard created since then, which use at minimum 128-bit AES; NOT XOR."
The only meaningful hits on 'schneier microsoft wireless keyboard' are just a few broken links to a Dreamlab study: http://www.google.com/search?q... [google.com],
Those were using a 27 MHz transmitter (near field, I suppose)
Re: (Score:2)
Its purpose is clearly to force wireless device manufacturers to use secure data transmission protocols.
I wonder if he teaches his kids about gravity by throwing one of them off a cliff?
Re: (Score:2)
Its purpose is clearly to force wireless device manufacturers to use secure data transmission protocols.
I genuinely can't tell whether or not you're joking. Excellent.
Re:And this is good why? (Score:5, Insightful)
People could be secretly using this technology already, could have been for the past 10 years or more, to spy on you.
By making it easy and publicizing it, this teaches you today about the risks you have already been facing, which is good because perhaps now you will take steps and do something about it.
Re: (Score:2, Informative)
It raises awareness to just how insecure wireless keyboards are, so that hopefully people will stop using them for anything important.
Re:And this is good why? (Score:5, Insightful)
This is good because he told us instead of handing us a USB charger.
"But if he wouldn't develop it, it would be better!"
Nope. Because there is no such thing as security by apathy. Nobody has the monopoly on ideas, and this is hardly the first hack of this kind. Hiding microelectronics in inconspicuous everyday items is as old as, well, the Thing [wikipedia.org]. Think the US would have been spied upon if they themselves knew such a device can be developed?
And do you think you can be spied upon with such an item now?
Re: (Score:2)
Of course you bloody well can.
Are you going to run around unplugging every USB wall charger in your vicinity on the presumption it's bugged? Think you'll be in the airport and force everyone to unplug their USB chargers? Think that won't get you a beating?
Unless you have control over every single thing which is plugged in, you absolutely can still be spied on like this.
The form factor is trivially altered -- so then you're policing anything with
Re: (Score:3)
Well, then I guess the lesson is to not use wireless keyboards.
In the end, you have learned something. Information you have can never be harmful to yourself. At least not by itself.
Re: (Score:2)
Re: (Score:2)
Unless you have control over every single thing which is plugged in, you absolutely can still be spied on like this.
You'd also have to flip the breakers as well, not to mention wait until any integrated batteries have time to die.
I've seen this sort of stuff connected within the wall box the socket is in. They're already illegal, so you don't have to use 18 gauge wire or whatever while worrying about fire code - just tack on some whisker-thin wires (28 gauge?) for power. Heck, see if you can shove it OUT of the box.
Re: (Score:2)
If you're in the airport and you're using a wireless keyboard, you're a wanker...
Re: (Score:2)
Re: And this is good why? (Score:2)
Don't BT keyboards do a key exchange? They just use the passcode for initial identification, but the actual event stream is encrypted with a session public key.
Re: (Score:2)
Re: (Score:2)
It's good, because it reveals a security flaw that could be exploited. By providing plans, it allows people to verify the finding.
If someone, like myself, is security conscious, then it helps to identify another threat vector.
Re: (Score:2)
It is a demonstration of what can be done. As such it serves to improve risk-management by potentially affected people.
so you can see what you are typing in the password (Score:2)
Obviously, this will be big among executive offices; saves time trying every password they have used in the past 20 years to watch videos during phone conferences.
Re: (Score:2)
Demonstrating that people should be using wireless keyboard protocols that don't suck.
Re: (Score:2)
Say my monitor is broken and I want to know what I'm typing?
Re: (Score:2)
Re: (Score:2)
Ever hear of acoustic cryptanalysis?
Basically, with varying degrees of success, a microphone recording you typing and some software can decode your keystrokes on a wired keyboard. I'm waiting on someone to perfect the Van Eck effect/phreaking... although I think that was limited to CRT monitors. It's been a while since I looked at either.
And this is good why? (Score:2)
Re: (Score:2)
Re: (Score:2)
In Spy vs Spy, which spy did you root for?
Re: (Score:2)
Re: (Score:2)
You can test that with a magnet.
One more reason to use a wired keyboard (Score:3, Insightful)
As if having to replace keyboard-batteries every 6 months wasn't reason enough. Is there really any benefit to having a keyboard be wireless, outside of a living room TV/PC scenario?
Re: (Score:2)
Re: (Score:2)
Why broadcast any data unencrypted ever?
Because broadcast to everyone is the purpose.
Otherwise the problem with wireless keyboards isn't 'just' that they're unencrypted, because some boast that they are encrypted, and they technically are. It's just that an 8 bit key is worth about as much as ROT-13.
Re: (Score:3)
Re:One more reason to use a wired keyboard (Score:4, Insightful)
A device that broadcasts a random flood of mouse clicks over a sufficiently large range would be a very effective DoS tool in a corporate setting.
Or a device that broadcasts a very specific non-random set of keystrokes. For example, you could send the keystrokes to open up a command window followed by the keystrokes to download and execute malware. You could even send the keystrokes to type in the source code and compile the malware or a malware bootstrap process.
Re: (Score:2)
Re: (Score:2)
As if having to replace keyboard-batteries every 6 months wasn't reason enough.
The batteries thing was one reason why I like my Logitech wireless keyboard as it is powered by solar cells - no battery changing at all.
But now .. hmm .. I totally didn't think about sniffing the keyboard.
Re: (Score:2)
As if having to replace keyboard-batteries every 6 months wasn't reason enough.
The batteries thing was one reason why I like my Logitech wireless keyboard as it is powered by solar cells - no battery changing at all.
But now .. hmm .. I totally didn't think about sniffing the keyboard.
Logitech is actually out in front when it comes to encryption. Their 2.4 GHz wireless keyboards going back almost 10 years have used 128-bit AES. Unless someone has leaked the pre-generated key algorithm, your chat history is safe and sound.
Re: (Score:2)
Serious question (in case it sounds like I'm being antagonistic):
Since AES is a block cipher, and an AES block is 16 bytes, and since keypresses appear to be transmitted "instantaneously", does that mean for each keypress, a 16-byte block is formed, and encrypted? And what about the encryption mode? (Otherwise doesn't it basically become ECB?)
Seems like a stream cipher would make more sense, although you'd need a protocol on top of that to stay synchronized, since packets can become lost/corrupted.
Re: (Score:2)
Since AES is a block cipher, and an AES block is 16 bytes, and since keypresses appear to be transmitted "instantaneously", does that mean for each keypress, a 16-byte block is formed, and encrypted? And what about the encryption mode? (Otherwise doesn't it basically become ECB?)
You use the block cipher to generate what is essentially a random stream, then XOR it with the input stream as needed, turning your block cipher into a stream cipher.
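As an added example (not Kamkar's code and not any vendor's actual protocol), the construction this reply describes, in Go: AES encrypts a counter block to produce keystream, one byte of which is XORed with a one-byte key code, and the counter travels in the clear so the receiver resynchronises after a lost packet. The Packet, Sender and Receiver names are hypothetical; CTR alone gives no integrity, so a real design would also authenticate each packet.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Packet is a hypothetical one-keystroke report: the counter travels in the
// clear so a receiver that missed packets can resynchronise; Cipher is the key code XORed with AES-CTR keystream.
type Packet struct {
	Counter uint64
	Cipher  byte
}

// keystreamByte is CTR mode for one byte: encrypt a block holding the
// counter and take the first output byte. AES only produces keystream here.
func keystreamByte(block cipher.Block, counter uint64) byte {
	var ctr, ks [aes.BlockSize]byte
	binary.BigEndian.PutUint64(ctr[8:], counter)
	block.Encrypt(ks[:], ctr[:])
	return ks[0]
}

func newBlock(key []byte) cipher.Block {
	b, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		panic(err)
	}
	return b
}

type Sender struct {
	block cipher.Block
	next  uint64 // only ever increases: a repeated counter repeats keystream
}

func NewSender(key []byte) *Sender { return &Sender{block: newBlock(key)} }

func (s *Sender) Send(code byte) Packet {
	p := Packet{Counter: s.next, Cipher: code ^ keystreamByte(s.block, s.next)}
	s.next++
	return p
}

// Receiver accepts only counters above the last one seen: lost packets are
// tolerated, replayed ones rejected. (No integrity check: CTR alone is malleable.)
type Receiver struct {
	block cipher.Block
	seen  bool
	last  uint64
}

func NewReceiver(key []byte) *Receiver { return &Receiver{block: newBlock(key)} }

func (r *Receiver) Receive(p Packet) (byte, error) {
	if r.seen && p.Counter <= r.last {
		return 0, fmt.Errorf("counter %d not above %d: stale or replayed", p.Counter, r.last)
	}
	r.seen, r.last = true, p.Counter
	return p.Cipher ^ keystreamByte(r.block, p.Counter), nil
}

// KeystreamReuseLeak shows why the counter must never repeat: two key codes
// sent under the same counter (7, deliberately reused) XOR to the XOR of the plaintexts; the AES key cancels out.
func KeystreamReuseLeak(key []byte, a, b byte) byte {
	ks := keystreamByte(newBlock(key), 7)
	return (a ^ ks) ^ (b ^ ks)
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit pairing key
	s, r := NewSender(key), NewReceiver(key)
	h, i, bang := s.Send('h'), s.Send('i'), s.Send('!')
	for _, p := range []Packet{h, bang, i} { // 'i' is lost, then arrives late
		c, err := r.Receive(p)
		fmt.Printf("counter=%d code=%q err=%v\n", p.Counter, c, err)
	}
}
```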
Re: (Score:2)
Re: (Score:2)
A real arcade gamer would mod his computer desktop to have a rotating control panel and put the keyboard on one of the three sides!
Re: (Score:2)
Fewer cables. It's also nice if you want to make room for a book or pile of papers or something temporarily; there's no cord to argue with.
Re: (Score:3)
Time to get the "telephone cord" style of cord back on keyboards. It was invented so you can move the cord more easily.
Re: (Score:2)
I run two PCs with three displays. I typically use Synergy to mouse/keyboard share between them but, in case the network has issues, I keep a wireless controller hooked up to the second PC and the mouse/keyboard are in a drawer in the desk.
Re: (Score:2)
Re: (Score:2)
It's not that bad. This particular issue was found back in 2007 and Microsoft fixed it with proper encryption, that so far has remained uncracked (at least as far as we know). The batteries in my wireless keyboards last years. It's the mice that chew through them every six months.
Immature industry (Score:1)
Remember when we added networks to Windows 3.1? Remember how well that worked out? Remember how not having multi-user support totally didn't result in massive piles of insecure bug-ridden software full of viruses? Remember how antivirus software wasn't ever a thing?
Well, it seems we didn't learn here. Taking something that's not designed with security in mind and suddenly hitching it up to a network doesn't seem to be working well for anything really. What we've learned is that the market will quite happily
Re: (Score:2)
I'm pretty sure I've heard of acoustic keyloggers. Yeah they probably have tough restrictions on where they need to be placed to be effective, but you might luck out. Bet you could put one of those into this thing and remove the "wireless keyboard" requirement.
Dewhat? (Score:5, Interesting)
This is why I hate large swaths of consumer products.
If the keyboard is encrypting keystrokes and sending them to the system....and a third party device sitting in the corner with no configuration involving dumping and loading keys....then the data is NOT encrypted.
If you use the same static key, or one of a few easily derivable keys, I don't care how solid the encryption alcogrythem you use is.... I do not consider it encrypted, because the use case took "strong encryption" and turned it into "weak obfuscation".
So unless there is some esoteric trick they are using to exploit the system and get their hands on a key that should otherwise be secure.... then it's a disservice to the public to even call it encryption, because unless that is the case and they were genuinely compromised from a use case that should have otherwise been secure.... then all they did was use a fancy obfuscator.
Re:Dewhat? (Score:5, Interesting)
So unless there is some esoteric trick they are using to exploit the system and get their hands on a key that should otherwise be secure.... then it's a disservice to the public to even call it encryption, because unless that is the case and they were genuinely compromised from a use case that should have otherwise been secure.... then all they did was use a fancy obfuscator.
When I was in the USAF I had great fun telling users that they could have a wireless keyboard & mouse just as soon as they found FIPS 140-2 compliant ones. I then told them that not only do none exist to our knowledge, but none are planned. The main problem being once you put serious encryption in there (as 140-2 requires), you're looking at a keyboard/mouse that are closer to smartphones than keyboards. I.e., an AA won't last a few months; you'll need to charge it like you do your smartphone. AES encryption also isn't intended for 8-16 bits at a time, so it's not really efficient there.
Re:Dewhat? (Score:5, Funny)
When I was in the USAF I had great fun telling users that they could have a wireless keyboard & mouse just as soon as they found FIPS 140-2 compliant ones. I then told them that not only do none exist to our knowledge, but none are planned. The main problem being once you put serious encryption in there (as 140-2 requires), you're looking at a keyboard/mouse that are closer to smartphones than keyboards. I.e., an AA won't last a few months; you'll need to charge it like you do your smartphone. AES encryption also isn't intended for 8-16 bits at a time, so it's not really efficient there.
That's easy to solve. Since the keyboard and mouse are very likely near a PC, just run a charging cable to one of its USB ports and never disconnect it. Then you can get rid of the battery completely. Problem solved. Then you've got a nice battery-less, always charged wireless keyboard and mouse. Tada!
Re: (Score:2)
What's scary is that it sounds like something you could actually sell, for a premium over the kind that uses a battery, to a government agency.
Re: (Score:2)
The thing is, the cipher doesn't do the job alone; once you have a good cipher, you then need good key generation/negotiation, which pretty much requires some sort of authenticated pairing step which requires user interaction to complete.
Still pretty reasonable, but everyone wants "plug and play" and that's hard to reconcile with "safer play".
Re: (Score:2)
The thing is, the cipher doesn't do the job alone; once you have a good cipher, you then need good key generation/negotiation, which pretty much requires some sort of authenticated pairing step which requires user interaction to complete.
Which means you end up with, at least, a tiny LCD screen to show the pairing code. Which means you need enough logic to run the LCD screen and the pairing stuff.
I exaggerated a bit, with a cellphone battery the keyboard could probably last weeks. But a dumb keyboard is also an incredibly simple device, thus my statement 'closer to'. I also remember reading that for truly secure operation the keyboard would have to communicate with the computer a lot more, and more transmissions equates to shorter battery
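As an added example (hypothetical, not any manufacturer's pairing protocol), the authenticated pairing these two posts describe, in Go: each side makes an ephemeral P-256 key, the public keys are exchanged, and both sides derive a session key plus a six-digit confirmation code bound to the whole transcript, so the code on the keyboard's display only matches the host's if nobody interposed a key of their own. Party, Pairing and the label strings are assumptions; SHA-256 stands in for a proper KDF.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Party is one side of a hypothetical pairing (keyboard or dongle). It holds
// an ephemeral P-256 key generated for this pairing only.
type Party struct {
	priv *ecdh.PrivateKey
}

func NewParty() (*Party, error) {
	priv, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Party{priv: priv}, nil
}

// Public is the only thing a side sends during pairing: its ephemeral public key.
func (p *Party) Public() []byte { return p.priv.PublicKey().Bytes() }

// Pairing is what each side ends up with: a session key for the link and a
// six-digit code shown on the keyboard's display and on the host, which the
// user confirms match before the key is trusted.
type Pairing struct {
	SessionKey [32]byte
	Code       string
}

// Derive runs ECDH with the peer's public key and hashes the shared secret
// together with both public keys (in a fixed order, initiator first). Anyone
// who interposed their own key changes the transcript on at least one side,
// so the two displays show different codes.
func (p *Party) Derive(peerPub []byte, initiator bool) (*Pairing, error) {
	peer, err := ecdh.P256().NewPublicKey(peerPub)
	if err != nil {
		return nil, fmt.Errorf("bad peer key: %w", err)
	}
	shared, err := p.priv.ECDH(peer)
	if err != nil {
		return nil, err
	}
	first, second := p.Public(), peerPub
	if !initiator {
		first, second = second, first
	}
	// Labels separate the two derivations; a real protocol would use HKDF here.
	key := sha256.Sum256(concat([]byte("kbd-session-v0"), shared, first, second))
	conf := sha256.Sum256(concat([]byte("kbd-confirm-v0"), shared, first, second))
	code := binary.BigEndian.Uint32(conf[:4]) % 1_000_000
	return &Pairing{SessionKey: key, Code: fmt.Sprintf("%06d", code)}, nil
}

func concat(parts ...[]byte) []byte {
	var out []byte
	for _, part := range parts {
		out = append(out, part...)
	}
	return out
}

func main() {
	kbd, _ := NewParty()
	dongle, _ := NewParty()
	pk, _ := kbd.Derive(dongle.Public(), true)
	pd, _ := dongle.Derive(kbd.Public(), false)
	fmt.Printf("keyboard shows %s, host shows %s, keys equal: %v\n",
		pk.Code, pd.Code, pk.SessionKey == pd.SessionKey)
}
```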
Re: (Score:2)
DoD are not the only people who require FIPS 140-2. I have worked at shops with various mixes of FERPA, HIPAA, and PCI requirements for various parts of their operation, and I have run into it a couple of times; though I can't tell you (because I don't know) whether any of them have been strictly due to a regulatory requirement or a place where local policy simply adopted the recommendations from it.
In short, if such a device existed, it might actually end up on several companies' preferred purchasing lists fo
Re: (Score:2)
DoD are not the only people who require FIPS 140-2.
Point. It's a federal regulation, after all, and thus all departments with security concerns (such as the DoE) use it. Plus, lots of states follow federal rules due to the ease, and for private concerns it can also be a shortcut.
That being said, I once investigated the reason because even to me it seemed like a license to print money if you came out with one. I guess 'illegal' installations were easier and cheaper, too much competition with the expense and risk of trying to create one.
I wouldn't be surpri
Re: (Score:2)
> Which means you end up with, at least, a tiny LCD screen to show the pairing code. Which means
> you need enough logic to run the LCD screen and the pairing stuff.
oooh I have been thinking about this.... I think it can be done even easier and cheaper.
Wireless keyboards generally require a wireless dongle. Put a USB port on the kb, used for emergency power obviously.... but... easy pairing. Just plug the dongle into the device, and press a button, they can do a key negotiation over their local USB con
Re: (Score:2)
Wireless keyboards generally require a wireless dongle. Put a USB port on the kb, used for emergency power obviously.... but... easy pairing.
For such a keyboard I'd go with 'charging' and have it act like a normal keyboard while plugged into the computer. Something like 'up to 2 days of fairly heavy usage per 2 hours charging'. Easy pairing, perhaps, but I think you'd need to write some software to do that, not that you aren't anyways.
Course if someone is coming into your house and plugging shit into the wall, maybe they can just replace your whole keyboard too....
Already a concern, would actually be less of a one with the secure keyboard - because the computer won't talk to a replacement.
Re: (Score:2)
Even better, disable the radio when the receiver dongle is plugged into the keyboard for pairing, no data is transmitted wirelessly, require a password for the key exchange, require that the password be changed with every exchange, generate the key from a passphrase
Re: (Score:2)
In my experience, common implementation flaws are 1) hard-coded keys, 2) leaking of secrets, 3) weak randomization leading to predictable keys, 4) use of weak cryptography.
Re: (Score:2)
This is unlikely to change, not until consumers start demanding product certification.
But certification costs money. And I demand my cheap keyboard.
That and how the hell do you educate users that their keyboard has a security vulnerability (and does that mean having to keep an eye out for security patches for your keyboard?!?!? )
Re: (Score:2)
As to how do you educate users that their keyboard, smart TV, smart thermostat, router, in-car infotainment system, child monitoring system, fitness band, implanted defibrillator all require security patches? You can't. Unless they are Dick Cheney, who has a very well deserved reason to be paranoid.
Re: (Score:2)
I would say this is pretty close to how I look at it now. I got a cheap wireless keyboard sure....but anyone sniffing the traffic is going to be bored to tears as I don't ever type anything the least bit confidential on it. Best you are getting is a bunch of youtube URLs and a whole bunch of wwwwwwwwwwwwwaaaaaaaaaaaaaaaasssssssssssssssddddddddddddddddddddddddfff
Re: (Score:2)
Most users don't care. Most users wouldn't care that their keyboard COULD be logged, even if they were told. MOST users are using wireless keyboards to type Twitter and Facebook posts.
Re: (Score:2)
Most users don't care. Most users wouldn't care that their keyboard COULD be logged, even if they were told. MOST users are using wireless keyboards to type Twitter and Facebook posts.
They also use those same keyboards to log in to their bank accounts, so they'll care after the first time their checking account gets drained. (And for those that don't use on-line banking, they'll care after the first time their Facebook account starts posting goatse pics for their mom to see)
Re: (Score:2)
Re: (Score:2)
LastPass makes me immune to THIS kind of attack.
Re: (Score:2)
Which is all the more reason why system designers really should consider themselves as having a duty to care for them. The vast majority of users are not experts, and any risks they expose themselves to in using the product really are things they can't be expected to understand. So products intended for non-professional markets especially should really be designed to not expose inexpert users to risks as much as possible.
Re:Dewhat? (Score:5, Informative)
It's not even weak obfuscation. The "key" is the mac address of the device... which is sent along with every single packet.
Re:Dewhat? (Score:5, Informative)
And the "key" is xored with the plaintext to get the "encrypted" text, and the typed character is in a single byte. So you only actually need a single byte of the MAC address.
And it happens to be the first byte, which for these Microsoft keyboards is always 0xCD. So you don't even need to bother figuring out what the MAC address is.
Re: (Score:2)
The presentation was confusing. It seems that you still need the MAC address to be able to listen at all, but you can brute-force scan for all of them. You just don't need it for the decrypt.
Re: (Score:2)
Needing to know the MAC address is just a limitation of the nRF24L01+ chip he was using. Conveniently though, the chip has an undocumented feature (or bug) that lets you trick it into giving the full packet, including the MAC address header. The only brute force scanning he ends up doing is to scan through all the different frequencies.
Re: (Score:2)
That sounds good if you simply want keypresses to not land accidentally in another computer's receiver.
Re: (Score:2)
This is why you need Bluetooth in order to be sure there's enough processor in the keyboard to encrypt. Microsoft's proprietary system for this now has to be considered hacked.
Re: (Score:2)
This raises a question:
Why do we have these non-standard wireless keyboard protocols that have unknown (if not nonexistent) levels of security, when Bluetooth is a widely accepted standard, and has proven itself quite robust to attack (it isn't perfect, but BT 4.2 is pretty darn secure)?
Why don't MS and other keyboard makers bundle a BT dongle ($10 on Amazon), and go with a tried/true standard? If the keyboard supports USB for charging, then pairing is definitely not an issue. If not, it can come pre-pa
Re: (Score:2)
I like it, sounds like a good title for a steampunk book: "The Alcogrythem" by Neal Stephenson.
Re: (Score:2)
That's a very common misconception, but the fact is that is pretty much exactly what they should NOT do.
Specifically that is, they should not even attempt to design their own method of securing the data. They should use fairly standard, well tested, modules produced by professional cryptographers. Full stop. These are solved problems, and there are several v
Re: (Score:2)
I know I am a little late to the reply but...
> I prefer a wireless keyboard with a USB dongle that acts as a standard keyboard, thank you.
which is exactly what I prefer too, but which is why I say: ditch the driver. The driver is just one more place your scheme can be compromised; clearly the solution is to have the dongle capable of pairing without PC participation beyond (possibly) providing power.
Come on, MS Keyboards are secure. (Score:5, Funny)
I have very good experience walking past grave yards whistling.
Re: (Score:2)
Was this a joke? Nobody's laughing...
Re: (Score:2)
Is it a joke? Dunno. Do you define satire that way?
Re: (Score:2)
Well, it's "flip"... it's a comment that states the opposite of the summary at the top.
Re: (Score:2)
Re: (Score:2)
It would not compromise the security for some trivial thing like ease-of-use for dimwitted users.
No one who's used a Microsoft product would believe "ease of use" was given any significant amount of consideration by the design team.
8 years late to the party (Score:2)
It's 2015, not 2007 people...
Another use (Score:2)
Can I use one of these as a replacement for the original wireless keyboard receiver? If I get more than five feet from the original receiver the keyboard doesn't work. This device is probably much better.
Another reason (Score:2)
Another reason to avoid wireless keyboards unless absolutely necessary and security is of no concern.
Not too worried about this (Score:2)
The receiver for my Microsoft wireless keyboard has to be 1' away from the keyboard or else I drop keystrokes pretty regularly. So unless this thing is laid right across the home-key row I'm not worried that it will pick anything useful up.
Playing dumb (Score:2)
Re: (Score:2)
I've read the specs and seen the required skills to build one. If you can build one, you could come up with the relevant ideas yourself. If anything, he just saved people who want to build such a thing some time.
OTOH, he taught us not to accept strange gifts or use chargers we find lying around. Which is heaps easier than building one of those things.
Re: (Score:2)
And you know, to not use wireless keyboards in any environment that could be compromised.
Re: (Score:2)
Come out of your basement, get into a corporate environment and you'll immediately spot a use case. In case that's not obvious enough, three words: Open Plan Office.
Or how about the fact that the average office building has walls that are, at best, not see-through... hmmm, I wonder if that office next to that law firm is available... what? Me spying on lawyers? Of course not officer, please come in, look around, as you can see I barely moved in yet, all I have is my laptop and my cellphone. Yeah, these new
Re: (Score:2)
A younger generation would be better served by a general understanding of EMR, more specifically the fundamental physics of electricity, inductance, and RF. Understanding the general underlying principles from the science side, then t
Re: (Score:2)
The current generation would do well to fix this shit.
Re: (Score:2)
Back when WiFi was a New Thing, Boeing banned them on their intranet. Many people wanted to wander around with untethered laptops, so they'd bring a WiFi hub and plug it into their office Ethernet port.
The IT people called the electronics lab for help. One day, a couple of guys were pushing an HP spectrum analyzer attached to a microwave horn antenna/converter on a cart around the office, looking for hubs. By the end of the day, they had located every microwave oven on the premises.