Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Input Devices Wireless Networking Hardware

Wireless Keyboard "Encryption" Cracked 232

squidinkcalligraphy writes "While everyone is going on about wireless network security, it seems few have considered that increasingly common wireless keyboards can be vulnerable to eavesdropping. Particularly when the encryption is pitifully weak. All that's needed is a simple radio receiver, sound card, and a brute-force attack on the 8-bit encryption used. Passwords galore! Bluetooth, it seems, is safe for the moment."
This discussion has been archived. No new comments can be posted.

Wireless Keyboard "Encryption" Cracked

Comments Filter:
  • Why a soundcard ! (Score:2, Interesting)

    by iMaple ( 769378 ) *

    Using nothing more than a simple radio receiver, a soundcard and suitable software, Swiss security firm Dreamlab Technologies managed to capture and decode the radio communications between a keyboard and a PC.
    Why did they need a sound card to crack a wireless keyboard ? Play operatic songs to crack glass keyboards ? or to play "You have been pwned" on blaring speakers after the cracking is over ? On a serious note, they do not need any sound input/output for this, right ?
    • by WombatDeath ( 681651 ) on Tuesday December 04, 2007 @05:59AM (#21569991)
      I doubt they need output, but perhaps the function of the sound card is to capture the input from the radio receiver.
    • by account_deleted ( 4530225 ) * on Tuesday December 04, 2007 @06:02AM (#21569995)
      Comment removed based on user account deletion
    • Re:Why a soundcard ! (Score:5, Informative)

      by thetartanavenger ( 1052920 ) on Tuesday December 04, 2007 @07:21AM (#21570327)
      A sound card is a cheap alternative to a digital and more importantly, recordable oscilloscope. By plugging the radio into the sound card, it allowed them to record the individual bit's being sent by the device to be analysed using a waveform viewer. If you were using a normal oscilloscope for that purpose the data flashes on the screen so fast it's impossible to be useful in any way, except possibly to read the carrier frequency of the signal, which is something your sound card would probably have alot of trouble doing because they're generally too slow.
    • "Why did they need a sound card to crack a wireless keyboard?"

      Line in. Demodulate the 27MHz EM in hardware, and the resulting output is a simple electrical signal. Assuming that a keyboard doesn't need a terrible lot of bandwidth, it's unlikely that the pulse frequency is terribly high (lower max frequency DSPs are cheaper than higher ones), so the 96kHz max capture off a sound card should be more than enough. Even if it isn't, though, there are fourier techniques to detect aliasing and get a higher freq
  • urm (Score:2, Insightful)

    by wwmedia ( 950346 )
    wouldn't the hacker have to be you know, under your nose quite literally, to intercept the signals from your keyboard?
    • Re: (Score:3, Insightful)

      by tacet ( 1142479 )
      not really. the antenna is the best receiver, so hacker equipped with yagi antenna can intercept signals from reasonable distance. /excuse my english
      • Re: (Score:3, Interesting)

        by thestuckmud ( 955767 )
        TFA mentioned the keyboards operate on 27MHz. That's a wavelength of over 11 meters. At about half a wavelength wide, a yagi will not be small.

        Others suggested dish antennas. For 27Mhz, no way.
    • Re:urm (Score:5, Informative)

      by sqrt(2) ( 786011 ) on Tuesday December 04, 2007 @06:19AM (#21570059) Journal
      My wireless logitech keyboard works from the next room over, although a bit unreliably. It's the basic, white, model with no fancy function keys or anything. I don't think they make it anymore.

      So you might need to worry about it in say, an office or school environment.
      • Re:urm (Score:4, Insightful)

        by rycamor ( 194164 ) on Tuesday December 04, 2007 @02:11PM (#21575479)
        In our development dept., one guy used a wireless Logitech keyboard to set up his test FreeBSD box, then left the box on for the next couple days without checking (he did log out, though). Next time we looked at it, the screen was covered with login passwords, chat discussions, company memos, etc... We fairly freaked for a minute, then after a bit of quick reconnaissance, discovered that the company's sales director was also using the same keyboard in an office 3 rooms over. So somehow not only did these two keyboards happen to have the same encryption key, but the signal went through 3 walls and 30 ft of space to reach our console. We stopped using wireless anything after that.
    • This.

      Honestly if you are close enough to employ this technique (including operating the kind of hardware necessary to do this undeniably cool hack) then you are close enough to shoulder surf long enough to get the guy's password. Or wait for him to go to lunch, flip over his keyboard and read his password from the post-it note on the back-side of his keyboard. Or even just start typing, because most people don't even bother to lock their machine before walking away for lunch.

      It is a cool, if mildly imprac
      • ***Honestly if you are close enough to employ this technique (including operating the kind of hardware necessary to do this undeniably cool hack) then you are close enough to shoulder surf long enough to get the guy's password.***

        I'd imagine that the creepy dude in the next apartment gets a quite usable signal from your wireless keyboard. As does the hippie type upstairs and the guy across the hall with too many teeth, two expensive cars, and no visible means of support. Then there are the fake cable

      • Not exactly. You could employ a homebrew dish antenna from a room or two away, much like using a remote directional mic. Hell, since radio works better through walls than sound, you don't even need to be visible to the victim.
    • Re:urm (Score:4, Informative)

      by Ephemeriis ( 315124 ) on Tuesday December 04, 2007 @08:10AM (#21570587)

      wouldn't the hacker have to be you know, under your nose quite literally, to intercept the signals from your keyboard?
      TFA says they were able to snoop from up to 10 meters away with a "simple radio receiver". That's not too bad. 10 meters could easily put you in a different room, on a different floor, or outside. And that's just with a basic antenna... Put together something more directional and I'm sure you could get more distance. Definitely enough to snoop on someone from the office/apartment next to you.
      • 10 metres away though what kind of material? 10 metres away through air wouldn't surprise me. However, in my apartment building, there's concrete floors/ceilings. How easily would the signal travel through that?
        • by amorsen ( 7485 )
          10 metres away though what kind of material? 10 metres away through air wouldn't surprise me. However, in my apartment building, there's concrete floors/ceilings. How easily would the signal travel through that?

          It's 27MHz. It'll penetrate anything. The only reason why distance is severely limited by default is that the antennas are crap.
        • Easily enough that a dish-type antenna would still pick it up, I'll bet.
        • 10 metres away though what kind of material? 10 metres away through air wouldn't surprise me. However, in my apartment building, there's concrete floors/ceilings. How easily would the signal travel through that?

          The article doesn't say, but I would assume that it was air. Of course other materials are going to cut down signal strength... So maybe you only get 5 meters instead of 10 - depending on where your computer is physically located that can still put the snooper on the other side of a wall. And agai

    • The place I work at does some security work and as part of one of their tests they too a directional aerial up the nearby hill. The hill is only about a mile away, but from the top of it then they could pick up wireless networks and some keyboards from the main site. AFAIK it wasn't anything overly fancy either, just a fairly standard directional aerial of the type that could be done to a lesser extent with a normal aerial and a Pringles tin.
  • Under my desk (Score:2, Insightful)

    Hey, I already got problems using my wireless keyboard 5 feet away from its receiver, so the guy trying to spy on me would have to be pretty close, no?
    • Re:Under my desk (Score:5, Informative)

      by lhaeh ( 463179 ) on Tuesday December 04, 2007 @06:18AM (#21570051)
      That idea came up when this item was posted to Hack A Day [hackaday.com] The reason for the limited reception range is that receivers use pathetically small, internal antennas: Mine was about 1/32 wavelength. With a full wave antenna or directional antenna, you can easily pick them up from outside a building. After I added a lager (1/4 or 1/8 wave) antenna to my receiver, I could type with my keyboard outside the house.
      • by EatHam ( 597465 ) on Tuesday December 04, 2007 @07:06AM (#21570255)

        After I added a lager (1/4 or 1/8 wave) antenna to my receiver, I could type with my keyboard outside the house.
        After I added a lager to my receiver, I also could type from outside the house, but when I finally went back in, the receiver was belligerent, and insisted on driving the car though it was in no state to do so.
    • FTFA: "succeeded in eavesdropping traffic from a distance of up to ten meters using a simple radio receiver. More sensitive receivers may make it possible to capture keystrokes over larger distances"

      A decent arial can make a massive difference to reception - directional antennas, like those used by people trying to sniff your wifi, can extend the range 10x.

      Radio reception can be highly influenced, and non-linear, due to local conditions. Try moving your receiver...
    • Not if he's pretty good with a directional antenna. That's the magic of a parabola. For instance look at this [irongeek.com], particularly the parts about Bluetooth. Hence why you never do anything important of any kind of wireless unless it has very good encryption.
    • by Zerbey ( 15536 )
      Not really, I've picked up short range wireless devices from over 100ft away with my cheap RadioShack antenna and a basic scanner. Wireless signals go further than you think.
  • Gimme a break (Score:5, Insightful)

    by DNS-and-BIND ( 461968 ) on Tuesday December 04, 2007 @05:57AM (#21569985) Homepage
    OK, instead of broadcasting in the clear, the keyboard gets a little encryption algorithm to prevent anyone from listening in. Some blowhard then takes it upon himself to crack the gradeschool encryption, and trumpets it far and wide as a "security breach". Durrrr...

    Anyone concerned about security doesn't use a wireless keyboard....Durrrr

    • Re:Gimme a break (Score:4, Insightful)

      by scrantaj ( 1165731 ) on Tuesday December 04, 2007 @06:25AM (#21570083)
      Sadly the unwashed masses on the internet are not concerned about security because they don't understand it. These are the people who fall for phishing mails, don't keep their AV up to date or blindly click ok on every dialog box that pops up on their system ( a response re-inforced by Vista's insistance on user interaction to do anything ). Expecting these people to use a wired keyboard to improve their security is pointless. They use wireless keyboards because they are "cool" or so that they don't have to mess around with all those untidy cables.
      • True enough, but it makes me wonder about how tight the encryption is on other brands of keyboard. I use a Logitech wireless myself, and I know a guy at work that uses one of those tiny Apple wireless boards. It also makes me wonder about those wireless security input panels they use to enter the building alarm shut-off codes where I work. If I can show a successful exploit, maybe I can push a little reform.
    • Re:Gimme a break (Score:5, Interesting)

      by dsginter ( 104154 ) on Tuesday December 04, 2007 @06:41AM (#21570149)
      Anyone concerned about security doesn't use a wireless keyboard....Durrrr

      That might seem like a trivial concept to you but I saw a wireless keyboard in use at a doctors office some years ago. When I mentioned to the staff that I didn't want them typing my personal details on that particular keyboard, they looked at me like I was wearing an actual tin foil hat.

      Geeks need to realize that geeks aren't the only people who work in IT. Sensationalizing this sort of story hurts nobody and might actually spread awareness.
      • Re: (Score:3, Funny)

        by Yvanhoe ( 564877 )
        Here in France, 3 years ago, the geek magazine "pirate mag" made fun of French military (Yes we also do that here) because they proudly announced the opening of their new "cyber-warfare strategical center" (or some other shiny words) and the picture that was given to every newspaper were two officers holding wireless keyboards in front of a flat display. The keyboard model was of course a very common one with absolutely no encryption.
        • How do you know the keyboard wasn't just a specialized designed super encryption wireless keyboard in a standard casing that happened to look the same as the one they sold to regular goes? The manufacturer could have easily taken an existing wireless keyboard, and added extra encryption in the same case.
      • Re: (Score:3, Interesting)

        by Bearhouse ( 1034238 )
        Right. Worse still, I was at the doctor's a while ago when I saw him furiously trying to close lots of Internet Explorer pop-ups.

        The conversation went something like this:

        Me: You don't have a pop-up blocker then?
        Dr: No. What's that?
        Me: How about security software, anti virus?
        Dr: No. What's that?
        Me: How many patient records are stored on that thing?

        *sigh*
        • You didn't include his answer. Was it "none, I'm forbidden by law from storing them on this computer"?
      • by v1 ( 525388 )
        That same doctor probably made a paper printout of the details at some point, and threw them away to be taken out by the trash man the next day, just after the dumpster diver recovered your medical history for his personal amusement. The risk of the keystroke theft occurring are a lot lower than the odds of a traditional dumpster dive which I imagine you hadn't even considered. It does no good to make noise about the cat in the room if you are ignoring the elephant.

        • I'm pretty sure throwing out patient records without shredding them would be illegal under HIPAA. And although it doesn't specifically mention wirelesss keyboards, it does mandate policies to limit access to equipment containing medical records.
      • by ozbird ( 127571 )
        Nitpick: There's a significant difference between working in IT and working with IT.
      • Re:Gimme a break (Score:5, Interesting)

        by fallen1 ( 230220 ) on Tuesday December 04, 2007 @09:13AM (#21571079) Homepage
        I am the head of IT for a large dental practice and we use wireless keyboards and mice in all of our operatories, at our front desk area, and in a couple of other areas -- because the owners wanted it that way, over my objections. They sign the paychecks so after I made sure they understood my objections, I gave them what they asked for.

        It does make it easier to deploy our systems in our operatories because of the distances between the dental chairs and the computer bays. I would need 12 to 18' long cords on keyboards (and mice) and that would be a massive pile of shit to deal with in a hygiene or doctor's operatory due to how our system works. Not just our system, but the majority of dental practices (and I've seen a lot of medical practices setup the same or similar) are arranged the same way. The air space is so great between where the keyboards and mice need to sit and where the computers are located that it would not be practical to run cabled keyboards and mice. Plus, the chances of someone monitoring our wireless keyboards is so slim that I felt the risk was minor. I still do.

        On the other hand, I believe the chances of someone trying to get into a wireless network are much greater and even with newer encryptions and firewalling/controlled access I would never allow such a network to be installed in this building. If they tried to push that agenda, I'd have my personal lawyer draw up a contract for the owners to sign absolving me of all responsibility for any break-ins that might happen and guaranteeing me a position with the company after any breach (or a VERY large golden parachute clause so I would have a lot of time to find a new position). That would probably get their attention and shut down the wireless network chatter but, as I said above, I still do not think there is enough of an issue with wireless keyboards to warrant more than a slight increase in watch status.

        Of course, a couple of high profile theft of identity/information cases involving wireless keyboards will change my (and everyone else's) mind about that. Natch.
        • Re: (Score:3, Informative)

          by swillden ( 191260 )

          BTW, there is a way to use wireless keyboards and have good security. Use bluetooth devices that support long, configurable PINs, and choose PINs that are 12+ digits long, randomly-generated. I believe there are a few devices on the market that use 128-bit PINs, randomly generated on every reassociation, and automatically reassociate when the keyboard is placed on the charging stand. Those seem ideal -- highly secure and very easy to reassociate.

          I don't have any specific brands or models to suggest, thou

    • by arivanov ( 12034 )
      You are telling the wrong story.

      There is a well established connectivity layer for such devices which has reasonable encryption, key management and interference/frequency control. It is also widely interoperable. It is called Bluetooth.

      So some blowhard that does not have any f*** clue whatsof***ever decides to go the cheapskate route and use Rot13-like wankoff instead of the well established system. As expected - the first kid coming about cracks it with ease.

      And that is the actual story. Rinse, repeat. Mic
      • I recently bought a wireless mouse- a Microsoft notebook one. It's great.

        I looked at bluetooth, but was under the impression that the response times (lag) just weren't as good as direct radio.

        Is this false?

        (There's also the problem of Bluetooth just being more complex and prone to going wrong..)
    • OK, instead of broadcasting in the clear, the keyboard gets a little encryption algorithm to prevent anyone from listening in. Some blowhard then takes it upon himself to crack the gradeschool encryption, and trumpets it far and wide as a "security breach". Durrrr...

      I hope you never type any passwords or credit card numbers on your keyboard ...

      Rich.

    • OK, instead of broadcasting in the clear, the keyboard gets a little encryption algorithm to prevent anyone from listening in. Some blowhard then takes it upon himself to crack the gradeschool encryption, and trumpets it far and wide as a "security breach".

      Given how trivial it would be to implement good encryption, the "blowhard" is right. The makers of the keyboard have done their customers a real disservice by implementing something crappy, because most customers will assume that it's good, and because it would have taken such little additional effort to meet that obvious assumption. In fact, it might well have taken *less* effort to use existing, proven ciphers and protocols than to construct something homegrown and weak.

      Anyone concerned about security doesn't use a wireless keyboard....Durrrr

      Or uses a bluetooth wireless

  • by Anonymous Coward on Tuesday December 04, 2007 @06:08AM (#21570019)
    That's why I use ^H in my passwords ;)
  • Shocked (Score:5, Interesting)

    by MrNemesis ( 587188 ) on Tuesday December 04, 2007 @06:15AM (#21570039) Homepage Journal
    After reading the analysis of the "encryption", I'm utterly flabbergasted that they've been able to get away with it for so long - this sounds like something that hasn't been cracked purely by laziness, because with only 256 possible combinations you could practically decode it in real time in your head.

    Any news on other manufacturers? I'm particularly concerned about Cherry (the only wireless keyboard I own, soon to be replaced with a bluetooth Logitech) for my HTPC.

    P.S. for the nay-sayers - yes, I too have endless problems with the range of wireless keyboards but I dare say a proper antennae (as opposed to the tiny ones used in the standard receiver) you could probably get a clear signal from up to 10-15m away (25MHz = ~11.5m wavelength, no? ~5m aerial is easy enough to conceal). That's easily enough to snoop someone's keypresses from outside, even off-property.

    As an aside, I'm aware that Bluetooth is an open standard, hence probably peer reviewed, hence probably having an association/encryption method that wasn't dreamt up by a crackhead. Can anyone here speak on its relative resilience in its current form, notwithstanding all of the vulns there've been in shoddy stack implementation?
    • Re:Shocked (Score:4, Interesting)

      by teh kurisu ( 701097 ) on Tuesday December 04, 2007 @06:39AM (#21570137) Homepage

      The summary ended sort of ominously, didn't it? "Bluetooth, it seems, is safe for the moment."

      I feel relatively safe with my bluetooth Logitech keyboard (which I wouldn't give up for the world), but my worry is that the bluetooth implementation is not necessarily up to scratch. My particular keyboard is designed to be used with the USB dongle that came in the box, and Logitech don't officially support the keyboard's use with other bluetooth devices, which makes me wonder why (although it will work with my Apple laptop's built-in bluetooth receiver for basic functions).

      • Blue tooth seems kind of finicky as for which devices work with which receivers. I know there's a few receivers that don't work with with the WiiMote. I think it has something to do with some companies (either the device or receiver manufacturers) not making everything according to the specs, or there may just be ambiguity in the specs. Most BlueTooth devices should work with most receivers, but I could understand why Logitech would write in the manual that their keyboard may not work with all receivers.
      • Re:Shocked (Score:5, Informative)

        by gabebear ( 251933 ) on Tuesday December 04, 2007 @09:22AM (#21571163) Homepage Journal
        According to Wikipedia [wikipedia.org], the best current attack against 128bit keyed BlueTooth takes the first 24bits of 2^23.8 packets. Packets are 2745 bits long so the attacker would have to monitor over 4.66GB of data transfer from your keyboard [google.com].
        • by cnettel ( 836611 )
          But, obviously, you should have two packets (down and up) for every keypress. If that means padding, then so be it. 8 million keypresses is quite reassuring anyway.
    • Re:Shocked (Score:4, Insightful)

      by fmobus ( 831767 ) on Tuesday December 04, 2007 @06:40AM (#21570139)
      I might (and wantto) be wrong, but all "non-interactive" bluetooth devices I've seen use the same factory-set password, namely "0000". Can anyone explain me why this isn't exploitable?
      • Re:Shocked (Score:5, Informative)

        by goofy183 ( 451746 ) on Tuesday December 04, 2007 @07:08AM (#21570271)
        That is just the pairing code. So if you switched your device into pairing mode anyone could pair with it. The encryption is based on a different, randomly generated, key: http://en.wikipedia.org/wiki/Bluetooth#Security [wikipedia.org]
        • That is just the pairing code. So if you switched your device into pairing mode anyone could pair with it. The encryption is based on a different, randomly generated, key: http://en.wikipedia.org/wiki/Bluetooth#Security [wikipedia.org]

          True, but an attacker who knows the pairing code (PIN), and can eavesdrop on the pairing conversation can recover the key. An attacker who doesn't know the PIN and can eavesdrop on the pairing conversation can perform a brute force search to recover both PIN and key. Devices that care about security don't use default or fixed PINs and allow you to set a PIN that is long enough to make brute force infeasible.

      • For example, Carwhisperer lets you capture and transmit audio to any Handsfree or BT headset using 0000 or 1234 as the password.

        BT Keyboards often have a pairing mode (okay, some have a default of 0000), where the user has to put the keyboard into discoverable mode, and type in the code.

        Still, everything is vulnerable, given enough resources.
    • I think the class II bluetooth receivers are good for 30 meters. I had a mouse + class II receiver and I was able to still scroll the computer from 20 meters away, through three walls and it still worked fine.
  • Why did they even bother encrypting it? I mean seriously, with a cipher this weak what's the point of even implementing it? It is actually harder to pick up the signal than it is to break the cipher...
  • by WibbleOnMars ( 1129233 ) on Tuesday December 04, 2007 @06:29AM (#21570095)
    Wireless keyboards? Pah, I'll never trust 'em.

    A few years ago, the company I was working at decided to upgrade a few favoured individuals with a wireless keyboard/mouse combo. There was no good reason for them to have it, other than looking cool, but they got it anyway.

    The first one was installed, and was a great success. The user loved being able to move their keyboard and mouse without, uh, being limited by a cable. They didn't actually move it, but they liked the fact that they could. Or maybe it was the fact that their desk didn't have any wires cluttering it up. Whatever it was, they loved it.

    So the second one was installed, on a desk maybe ten metres away from the first.

    It was a disaster. The two sets of devices conflicted with each other. Basically, the first one to switch on in the morning got control of both computers. When the second one was turned on, it found the devices on the other desk instead of its own ones, and then anything the first user did was echoed on the second machine as well.

    It didn't take the engineering team long to fix the problem -- the two sets of devices were set to the same ID -- but it did nothing to inspire confidence. What that incident tells me is that if I want to hack these devices, all I need is a computer with a compatible receiver with the same ID, and hide it somewhere in range of their desk.

    Things may have improved since then, but frankly I don't see the need for these devices to be wireless (especially on a desktop computer); no matter how good they make them, they'll still be an open security hole because the signals will always be available outside of your control.

    This applies to any wireless device. But some wireless devices are more useful than others. For example, a mobile phone is a good use of wireless technology because it provides significant usability improvement over a wired phone. But for me a device like a wireless keyboard really doesn't provide enough of an improvement over a wired one to justify the security implications from using it.
    • by asc99c ( 938635 )
      Try being left handed (or working with others who are)! I've got wireless keyboard / mouse because almost everyone who ever sits at my desk to help with something for a couple of minutes can just move the mouse over to the right instead of complaining at me :)

      There's half a dozen wireless keyboards operating OK in my current office room, which is probably about ten metres long. They're mostly things people have brought in from home as we also just get standard wired stuff by default. Maybe this helps as
    • Re: (Score:2, Insightful)

      by Pascoea ( 968200 )
      I was waiting for someone to make the comment about a tinfoil hat, you guys took too long so I have to do it myself.
      a wireless keyboard really doesn't provide enough of an improvement over a wired one to justify the security implications from using it.

      Come on! There aren't people beating down your doors to find out your password for slashdot! And there are far easier ways to get your financial information. Take the old adage about outrunning a bear, you don't have to run faster then the bear, you just

      • The problem is that the people most likely to get a wireless keyboard in an office setting are the people with enough clout to tell IT to "install it or pack up your things". They are also the people that industrial espionage types want to snoop (VPs, Pres, CIO, CFO, etc).
    • That's why I use a trackball. You don't have to worry about cables so much when you don't move the pointing device around so much.
    • When the second one was turned on, it found the devices on the other desk instead of its own ones

      But imagine all the fun you can have by... say swapping a buncha keyboards/mice after hours. If they're all the same make/model, it's great. Walk by 10 cubicles, pickup their mice, shuffle'em, replace them where they were before.

      This is even better than setting their wallpaper to be a screenshot of their screen!
    • Obviously, you're not the type to get fussy about cables strewn all over your desk. Also, you probably don't switch mouse side frequently for variety, or you would see that the idea of a wireless keyboard is a good one: You can type on top of the desk, on your lap, under the desk, switch mouse side frequently, and move the keyboard out of the way for when you need the desk for something to do with actual paper.

      You can do all of those things with a wired keyboard, but you've got to deal with twisting up th
  • by WegianWarrior ( 649800 ) on Tuesday December 04, 2007 @06:29AM (#21570099) Journal
    You learn something every day I guess... since my otherwise decent wireless keyboard lose reception from one end of my coach to the other - ie I have to sit on the left side of the coach to use it - I figured that putting in even rudimentarty encryption would be kinda pointless from a security point of view (short range - evesdropper would have to sit in my livingroom). And judging by the article, encryption is empoyed more to associate a keyboard with a reciver thanas a measure of security.

    In a high security enviroment I could see the need. Even if the intuitive guess would be that a wired keyboard might be safer, this is not necesarry the case; the unshileded wire used on most keyboards acts an an antenna (see TEMPEST [wikipedia.org] on Wikipedia). I've seen demonstrations where the keystrokes have been picked up by sensitive antennas 50m away thru a normal wall. A highly encrypted wireless keyboard might be safer; I'm not sure if such a product even exists today. A simpler option might be to place the computer and keyboard in a faraday cage...

    • Re: (Score:2, Insightful)

      Even if the intuitive guess would be that a wired keyboard might be safer, this is not necesarry the case; the unshileded wire used on most keyboards acts an an antenna

      QFT

      You're the first response I've read here that has been anti wired (or at least nuetral to both) and for a legit reason!! The rest of these fanboys are shouting about wireless sucks beause its unencrypted, forgetting this small detail which would allow you to "hack" into a wired keyboard at a larger distance.....given of course you have a decent line of site lol.

      For ANY security measure, or lack there of, there is ALWAYS a way in. The only issue in gaining access is where you look and how hard you'v

  • by Maavin ( 598439 ) on Tuesday December 04, 2007 @06:51AM (#21570191)
    Could be that the "encryption" is just a way to handle multiple keyboards in one reception range...
  • In my case, it can travel about 50cm before it becomes patchy and untypable. So I'm not particularly concerned about this :-)
  • Listen, Jack:
    Smooth your face
    Bounce signal back
    Lower power
    Avoids attack
    Burma Shave
  • Bluetooth safe? (Score:5, Informative)

    by SharpFang ( 651121 ) on Tuesday December 04, 2007 @07:48AM (#21570465) Homepage Journal
    Yeah, right.

    Bluebag Project [computer.org] can crack any bluetooth device in some 6 hours. The current form of it has a potential to increase the speed 8 times (currently it uses 8 dongles to scan possible 64 channels in paralell. If you use 64 bluetooth dongles to scan one channel each, you gain a lot of speed).
    • by Torne ( 78524 )

      Bluebag Project can crack any bluetooth device in some 6 hours. The current form of it has a potential to increase the speed 8 times (currently it uses 8 dongles to scan possible 64 channels in paralell. If you use 64 bluetooth dongles to scan one channel each, you gain a lot of speed).

      The article you reference has absolutely nothing to do with cracking Bluetooth as far as I can see, though it does mention several security flaws in implementations in the introduction. It's talking about going around trying

      • Yep, I didn't find any detailed materials on their project online.
        The authors held a lecture here in Cracow on Confidence 2007 though and talked about the second mode of operation too.

        You can go with the bag around some airport or just down a street and send out your data to all open devices, infecting them with malware or such. But you can just as well place it outside a building of given company, say, in your car trunk, and let it brute force the devices in the building. The authors didn't admit to anythi
    • Bluebag Project can crack any bluetooth device in some 6 hours.

      Only with a weak or non-changeable PIN. Use a long pin (12+ digits) and you're pretty safe.

  • Just get the same model keyboard, plug in the receiver, and fire up your favorite text editor? Granted, I'm not up on my wireless keyboard technology, but this would work with the old one that I have, that is also the model the CIO uses in his presentations to the company. Scary.
  • Wow, that article page has a really annoying ad on it. I moved my mouse up toward the back button and... where the hell did the cursor go? Oh, the security guy in the Intel Centrino ad grabbed it and stomped on it. Clever.

    Shame on Intel, The Register, and Camino for developing, printing, and rendering such malware.
  • by DeadChobi ( 740395 ) <(moc.liamg) (ta) (ibohCdaeD)> on Tuesday December 04, 2007 @01:45PM (#21575001)
    The crack described in the article was only for select models of Microsoft keyboards. It doesn't affect every single keyboard in existence, especially since there is no standard. Other manufacturers may use more powerful encryption than Microsoft.

    The Slashdot article is very misleading.

"Someone's been mean to you! Tell me who it is, so I can punch him tastefully." -- Ralph Bakshi's Mighty Mouse

Working...