Wireless Keyboard "Encryption" Cracked
squidinkcalligraphy writes "While everyone is going on about wireless network security, it seems few have considered that increasingly common wireless keyboards can be vulnerable to eavesdropping. Particularly when the encryption is pitifully weak. All that's needed is a simple radio receiver, sound card, and a brute-force attack on the 8-bit encryption used. Passwords galore! Bluetooth, it seems, is safe for the moment."
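An added illustration, not taken from the story or the linked paper: with an 8-bit key there are only 256 candidates, so every one can be tried and the readable result kept. Single-byte XOR is an assumed stand-in for the keyboard's cipher (the page only says "8-bit"); the sample text, key byte and guess rate are constructed, and the comparison uses the PIN and key sizes mentioned in the comments.

```python
# Added illustration: an 8-bit key leaves only 256 candidates to test.
# Assumption: single-byte XOR stands in for the keyboard's cipher; the page
# only says the scheme is "8-bit", not how it works.

def xor_cipher(data, key):
    """Encrypt or decrypt (XOR is its own inverse) with a one-byte key."""
    return bytes(b ^ key for b in data)

def plausibility(candidate):
    """Score a trial decryption: count lowercase letters and spaces."""
    return sum(1 for b in candidate if b == 0x20 or 0x61 <= b <= 0x7A)

def recover_key(ciphertext):
    """Exhaust the whole 8-bit keyspace; return (key, plaintext) of the best fit."""
    best = max(range(256), key=lambda k: plausibility(xor_cipher(ciphertext, k)))
    return best, xor_cipher(ciphertext, best)

def seconds_to_exhaust(candidates, guesses_per_second):
    """Worst-case time to try every candidate at a given guess rate."""
    return candidates / guesses_per_second

# Constructed sample: typed text as ASCII, and an arbitrary key byte.
SAMPLE = b"login: alice\npassword: correct horse battery staple\n"
SECRET_KEY = 0xA7

# Secret sizes mentioned in the thread (a 0000-style PIN is four digits).
KEYSPACES = {
    "8-bit key": 2 ** 8,
    "4-digit PIN": 10 ** 4,
    "12-digit PIN": 10 ** 12,
    "128-bit key": 2 ** 128,
}
ASSUMED_RATE = 1e6  # guesses per second; an arbitrary figure for comparison

if __name__ == "__main__":
    captured = xor_cipher(SAMPLE, SECRET_KEY)
    key, text = recover_key(captured)
    print(f"recovered key 0x{key:02X}: {text!r}")
    for name, size in KEYSPACES.items():
        secs = seconds_to_exhaust(size, ASSUMED_RATE)
        print(f"{name:>13}: {size:.3e} candidates, {secs:.3e} s to exhaust")
```

The scoring function is deliberately crude; with so few candidates almost any test for "looks like typed text" separates the right key from the other 255.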
Why a soundcard ! (Score:2, Interesting)
Re:Why a soundcard ! (Score:5, Insightful)
Re: (Score:2, Funny)
but was there any need to reply to that kind of retarded question? Why not just let him continue in his ignorance.. obviously he has no interest in knowing, otherwise he would have RTFA.
Well, I didn't read the white paper, but I did RTFA and that doesn't mention anything why the sound card was used. And I assumed that the simple radio receiver was a simple PCI card like radio device (I had a TV signal receiver card that you just digitized the TV signals and you could watch broadcast TV on your computer .. so I was thinking of that when I asked the question), for some reason I didn't realize that they meant a radio with an audio output. Does that make me a bit slow.. yes; ignorant/retarded ...
Re: (Score:3, Informative)
Your basic radio-to-PCM device doesn't have a sufficiently flexible tuner to reach below the 85MHz FM lower limit into the depths of 27MHz. An analog FM tuner can be easily hacked to do this, but you'd basically have to rip out the capacitor DAC that a fu
Re:Why a soundcard ! (Score:5, Insightful)
Well, because the less you share information with the apparently ignorant, the more ignorant society at large is.
If I ask a question, even if it's a dumb one, I desire an answer. As such, I respond to questions I have the answers to. Be the change you want to see in the world, and all.
Comment removed (Score:5, Funny)
Re:Why a soundcard ! (Score:4, Funny)
I think this paper needs to be peer reviewed by Crash Override.
Re:Why a soundcard ! (Score:5, Informative)
Re: (Score:2)
Re: (Score:2)
Line in. Demodulate the 27MHz EM in hardware, and the resulting output is a simple electrical signal. Assuming that a keyboard doesn't need a terrible lot of bandwidth, it's unlikely that the pulse frequency is terribly high (lower max frequency DSPs are cheaper than higher ones), so the 96kHz max capture off a sound card should be more than enough. Even if it isn't, though, there are Fourier techniques to detect aliasing and get a higher freq
urm (Score:2, Insightful)
Re: (Score:3, Insightful)
Re: (Score:3, Interesting)
Others suggested dish antennas. For 27MHz, no way.
Re:urm (Score:5, Informative)
So you might need to worry about it in say, an office or school environment.
Re:urm (Score:4, Insightful)
Re: (Score:2)
Honestly if you are close enough to employ this technique (including operating the kind of hardware necessary to do this undeniably cool hack) then you are close enough to shoulder surf long enough to get the guy's password. Or wait for him to go to lunch, flip over his keyboard and read his password from the post-it note on the back-side of his keyboard. Or even just start typing, because most people don't even bother to lock their machine before walking away for lunch.
It is a cool, if mildly imprac
Re: (Score:2)
I'd imagine that the creepy dude in the next apartment gets a quite usable signal from your wireless keyboard. As does the hippie type upstairs and the guy across the hall with too many teeth, two expensive cars, and no visible means of support. Then there are the fake cable
Re: (Score:2)
Re:urm (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
It's 27MHz. It'll penetrate anything. The only reason why distance is severely limited by default is that the antennas are crap.
Re: (Score:2)
Re: (Score:2)
The article doesn't say, but I would assume that it was air. Of course other materials are going to cut down signal strength... So maybe you only get 5 meters instead of 10 - depending on where your computer is physically located that can still put the snooper on the other side of a wall. And agai
Re: (Score:2)
Re: (Score:2)
Now, an optical sniff from a distance - for example, mounting a chip CCD inside and feeding it to a gumstix, both within the victim's monitor and powered thereby, would be an impressive optical sniffing hack.
Under my desk (Score:2, Insightful)
Re:Under my desk (Score:5, Informative)
Re:Under my desk (Score:5, Funny)
Re: (Score:2)
A decent aerial can make a massive difference to reception - directional antennas, like those used by people trying to sniff your wifi, can extend the range 10x.
Radio reception can be highly influenced, and non-linear, due to local conditions. Try moving your receiver...
Re: (Score:2)
Re: (Score:2)
Re:Under my desk (Score:5, Insightful)
Re: (Score:3, Interesting)
Re: (Score:3, Funny)
Re: (Score:3, Interesting)
Wouldn't much matter. Someone who would actually go out and purchase for a low ID for nothing more than the sake of the number warrants comparable Geek Cred as someone who just happened to stumble across Slashdot early enough to snag a low ID. Both methods are Geek-significant in their own way, and both methods are absolutely meaningless in their own way. It's a wash.
Re: (Score:2)
Really big aerials can hear really weak signals. I know 4 year olds who have grasped that
I call bull shit on that, or at least the fact that 10 minutes after you tell them what's what that he'd remember anything about aerials, a frames, wip's, omni, line of sight, or any other type of antenna/directional capabilities of anything including your home phone.
He didn't mention anything about all that. You're basically explaining: "See that huge antenna? That works better than a small antenna. Bigger is better." And what kid won't understand that?
Re: (Score:2)
Radio's not the hobby it used to be, man. Lay off the young'in.
Gimme a break (Score:5, Insightful)
Anyone concerned about security doesn't use a wireless keyboard....Durrrr
Re:Gimme a break (Score:4, Insightful)
Re: (Score:2)
Re:Gimme a break (Score:5, Interesting)
That might seem like a trivial concept to you but I saw a wireless keyboard in use at a doctor's office some years ago. When I mentioned to the staff that I didn't want them typing my personal details on that particular keyboard, they looked at me like I was wearing an actual tin foil hat.
Geeks need to realize that geeks aren't the only people who work in IT. Sensationalizing this sort of story hurts nobody and might actually spread awareness.
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:3, Interesting)
The conversation went something like this:
Me: You don't have a pop-up blocker then?
Dr: No. What's that?
Me: How about security software, anti virus?
Dr: No. What's that?
Me: How many patient records are stored on that thing?
*sigh*
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:Gimme a break (Score:5, Interesting)
It does make it easier to deploy our systems in our operatories because of the distances between the dental chairs and the computer bays. I would need 12 to 18' long cords on keyboards (and mice) and that would be a massive pile of shit to deal with in a hygiene or doctor's operatory due to how our system works. Not just our system, but the majority of dental practices (and I've seen a lot of medical practices setup the same or similar) are arranged the same way. The air space is so great between where the keyboards and mice need to sit and where the computers are located that it would not be practical to run cabled keyboards and mice. Plus, the chances of someone monitoring our wireless keyboards is so slim that I felt the risk was minor. I still do.
On the other hand, I believe the chances of someone trying to get into a wireless network are much greater and even with newer encryptions and firewalling/controlled access I would never allow such a network to be installed in this building. If they tried to push that agenda, I'd have my personal lawyer draw up a contract for the owners to sign absolving me of all responsibility for any break-ins that might happen and guaranteeing me a position with the company after any breach (or a VERY large golden parachute clause so I would have a lot of time to find a new position). That would probably get their attention and shut down the wireless network chatter but, as I said above, I still do not think there is enough of an issue with wireless keyboards to warrant more than a slight increase in watch status.
Of course, a couple of high profile theft of identity/information cases involving wireless keyboards will change my (and everyone else's) mind about that. Natch.
Re: (Score:3, Informative)
BTW, there is a way to use wireless keyboards and have good security. Use bluetooth devices that support long, configurable PINs, and choose PINs that are 12+ digits long, randomly-generated. I believe there are a few devices on the market that use 128-bit PINs, randomly generated on every reassociation, and automatically reassociate when the keyboard is placed on the charging stand. Those seem ideal -- highly secure and very easy to reassociate.
I don't have any specific brands or models to suggest, thou
Re: (Score:2)
There is a well established connectivity layer for such devices which has reasonable encryption, key management and interference/frequency control. It is also widely interoperable. It is called Bluetooth.
So some blowhard that does not have any f*** clue whatsof***ever decides to go the cheapskate route and use Rot13-like wankoff instead of the well established system. As expected - the first kid coming about cracks it with ease.
And that is the actual story. Rinse, repeat. Mic
Re: (Score:2)
I looked at bluetooth, but was under the impression that the response times (lag) just weren't as good as direct radio.
Is this false?
(There's also the problem of Bluetooth just being more complex and prone to going wrong..)
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Informative)
EU versions operate nearly universally on 2.4. I wrote this pissed off coming back from a shop looking for guess what - a keyboard with decent crypto layer. 5 wireless wankoffs, all with a wankoff encryption and all tossing all over the 2.4 band. 1 MSFT, 1 Logitech, 3 Chinese nonames. All 2.4
Re: (Score:2)
Secondly, I work in a field which requires a lot of attention to security. While it may not be important to you, it IS the focus of this discussion and the article. Your post of "Well, security isn't important to me, so you're an i
Re: (Score:2)
OK, instead of broadcasting in the clear, the keyboard gets a little encryption algorithm to prevent anyone from listening in. Some blowhard then takes it upon himself to crack the gradeschool encryption, and trumpets it far and wide as a "security breach". Durrrr...
I hope you never type any passwords or credit card numbers on your keyboard ...
Rich.
Re: (Score:2)
OK, instead of broadcasting in the clear, the keyboard gets a little encryption algorithm to prevent anyone from listening in. Some blowhard then takes it upon himself to crack the gradeschool encryption, and trumpets it far and wide as a "security breach".
Given how trivial it would be to implement good encryption, the "blowhard" is right. The makers of the keyboard have done their customers a real disservice by implementing something crappy, because most customers will assume that it's good, and because it would have taken such little additional effort to meet that obvious assumption. In fact, it might well have taken *less* effort to use existing, proven ciphers and protocols than to construct something homegrown and weak.
Anyone concerned about security doesn't use a wireless keyboard....Durrrr
Or uses a bluetooth wireless
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
It appears that QuantumG's ex- got mod points today...
Just Mess with the Listener! (Score:5, Funny)
Re:Just Mess with the Listener! (Score:4, Funny)
Re: (Score:2)
Shocked (Score:5, Interesting)
Any news on other manufacturers? I'm particularly concerned about Cherry (the only wireless keyboard I own, soon to be replaced with a bluetooth Logitech) for my HTPC.
P.S. for the nay-sayers - yes, I too have endless problems with the range of wireless keyboards but I dare say with a proper antenna (as opposed to the tiny ones used in the standard receiver) you could probably get a clear signal from up to 10-15m away (25MHz = ~11.5m wavelength, no? ~5m aerial is easy enough to conceal). That's easily enough to snoop someone's keypresses from outside, even off-property.
As an aside, I'm aware that Bluetooth is an open standard, hence probably peer reviewed, hence probably having an association/encryption method that wasn't dreamt up by a crackhead. Can anyone here speak on its relative resilience in its current form, notwithstanding all of the vulns there've been in shoddy stack implementation?
Re:Shocked (Score:4, Interesting)
The summary ended sort of ominously, didn't it? "Bluetooth, it seems, is safe for the moment."
I feel relatively safe with my bluetooth Logitech keyboard (which I wouldn't give up for the world), but my worry is that the bluetooth implementation is not necessarily up to scratch. My particular keyboard is designed to be used with the USB dongle that came in the box, and Logitech don't officially support the keyboard's use with other bluetooth devices, which makes me wonder why (although it will work with my Apple laptop's built-in bluetooth receiver for basic functions).
Re: (Score:2)
Re:Shocked (Score:5, Informative)
Re: (Score:2)
Re:Shocked (Score:4, Insightful)
Re:Shocked (Score:5, Informative)
Re: (Score:2)
That is just the pairing code. So if you switched your device into pairing mode anyone could pair with it. The encryption is based on a different, randomly generated, key: http://en.wikipedia.org/wiki/Bluetooth#Security [wikipedia.org]
True, but an attacker who knows the pairing code (PIN), and can eavesdrop on the pairing conversation can recover the key. An attacker who doesn't know the PIN and can eavesdrop on the pairing conversation can perform a brute force search to recover both PIN and key. Devices that care about security don't use default or fixed PINs and allow you to set a PIN that is long enough to make brute force infeasible.
It is exploitable (Score:2)
BT Keyboards often have a pairing mode (okay, some have a default of 0000), where the user has to put the keyboard into discoverable mode, and type in the code.
Still, everything is vulnerable, given enough resources.
Re: (Score:2)
Why? (Score:2)
Re:Why? (Score:4, Interesting)
I'll never trust those things (Score:5, Interesting)
A few years ago, the company I was working at decided to upgrade a few favoured individuals with a wireless keyboard/mouse combo. There was no good reason for them to have it, other than looking cool, but they got it anyway.
The first one was installed, and was a great success. The user loved being able to move their keyboard and mouse without, uh, being limited by a cable. They didn't actually move it, but they liked the fact that they could. Or maybe it was the fact that their desk didn't have any wires cluttering it up. Whatever it was, they loved it.
So the second one was installed, on a desk maybe ten metres away from the first.
It was a disaster. The two sets of devices conflicted with each other. Basically, the first one to switch on in the morning got control of both computers. When the second one was turned on, it found the devices on the other desk instead of its own ones, and then anything the first user did was echoed on the second machine as well.
It didn't take the engineering team long to fix the problem -- the two sets of devices were set to the same ID -- but it did nothing to inspire confidence. What that incident tells me is that if I want to hack these devices, all I need is a computer with a compatible receiver with the same ID, and hide it somewhere in range of their desk.
Things may have improved since then, but frankly I don't see the need for these devices to be wireless (especially on a desktop computer); no matter how good they make them, they'll still be an open security hole because the signals will always be available outside of your control.
This applies to any wireless device. But some wireless devices are more useful than others. For example, a mobile phone is a good use of wireless technology because it provides significant usability improvement over a wired phone. But for me a device like a wireless keyboard really doesn't provide enough of an improvement over a wired one to justify the security implications from using it.
Re: (Score:2)
There's half a dozen wireless keyboards operating OK in my current office room, which is probably about ten metres long. They're mostly things people have brought in from home as we also just get standard wired stuff by default. Maybe this helps as
Re: (Score:2, Insightful)
a wireless keyboard really doesn't provide enough of an improvement over a wired one to justify the security implications from using it.
Come on! There aren't people beating down your doors to find out your password for slashdot! And there are far easier ways to get your financial information. Take the old adage about outrunning a bear, you don't have to run faster than the bear, you just
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
But imagine all the fun you can have by... say swapping a buncha keyboards/mice after hours. If they're all the same make/model, it's great. Walk by 10 cubicles, pickup their mice, shuffle'em, replace them where they were before.
This is even better than setting their wallpaper to be a screenshot of their screen!
Re: (Score:2)
You can do all of those things with a wired keyboard, but you've got to deal with twisting up th
Re: (Score:2)
Wireless keyboards have encryption? (Score:5, Interesting)
In a high security environment I could see the need. Even if the intuitive guess would be that a wired keyboard might be safer, this is not necessarily the case; the unshielded wire used on most keyboards acts as an antenna (see TEMPEST [wikipedia.org] on Wikipedia). I've seen demonstrations where the keystrokes have been picked up by sensitive antennas 50m away thru a normal wall. A highly encrypted wireless keyboard might be safer; I'm not sure if such a product even exists today. A simpler option might be to place the computer and keyboard in a Faraday cage...
Re: (Score:2, Insightful)
Even if the intuitive guess would be that a wired keyboard might be safer, this is not necessarily the case; the unshielded wire used on most keyboards acts as an antenna
QFT
You're the first response I've read here that has been anti wired (or at least neutral to both) and for a legit reason!! The rest of these fanboys are shouting about wireless sucks because it's unencrypted, forgetting this small detail which would allow you to "hack" into a wired keyboard at a larger distance.....given of course you have a decent line of sight lol.
For ANY security measure, or lack thereof, there is ALWAYS a way in. The only issue in gaining access is where you look and how hard you'v
No encryption maybe? (Score:5, Insightful)
Re: (Score:2)
Encryption is weak, signal is weak (Score:2)
Antenna Crack? (Score:2, Funny)
Smooth your face
Bounce signal back
Lower power
Avoids attack
Burma Shave
Bluetooth safe? (Score:5, Informative)
Bluebag Project [computer.org] can crack any bluetooth device in some 6 hours. The current form of it has a potential to increase the speed 8 times (currently it uses 8 dongles to scan possible 64 channels in parallel. If you use 64 bluetooth dongles to scan one channel each, you gain a lot of speed).
Re: (Score:2)
The article you reference has absolutely nothing to do with cracking Bluetooth as far as I can see, though it does mention several security flaws in implementations in the introduction. It's talking about going around trying
Re: (Score:2)
The authors held a lecture here in Cracow on Confidence 2007 though and talked about the second mode of operation too.
You can go with the bag around some airport or just down a street and send out your data to all open devices, infecting them with malware or such. But you can just as well place it outside a building of given company, say, in your car trunk, and let it brute force the devices in the building. The authors didn't admit to anythi
Re: (Score:2)
Only with a weak or non-changeable PIN. Use a long PIN (12+ digits) and you're pretty safe.
Why bother breaking encryption at all? (Score:2)
Beware the ad (Score:2)
Shame on Intel, The Register, and Camino for developing, printing, and rendering such malware.
This was only for select Microsoft Keyboards (Score:3, Informative)
The Slashdot article is very misleading.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
I can imagine it now - XBox Live has issued a hotfix for insecure wireless controllers. This patch contains the Microsoft patented double ROT13 "cleartext" encoding and is mandatory for all users.
In other news, Sony announced today that they have agreed to license Microsoft's exclusive technology for use in their PS3 controllers and settled the multi-billion dollar lawsuit filed against them earlier this year.