Researchers from security firm Bastille have found that millions of cheap keyboards are susceptible to an attack called Keysniffer, which allows hackers to not only inject keystrokes onto your machine but read what you type, too.
Keysniffer apparently affects accessories that use a less secure, radio-based communication protocol rather than a Bluetooth connection. Some of the manufacturers found to offer keyboards vulnerable to the attack include HP, Anker, General Electric, Insignia, Toshiba, and more.
KeySniffer is a set of security vulnerabilities affecting non-Bluetooth wireless keyboards from eight vendors. The wireless keyboards susceptible to KeySniffer use unencrypted radio communication protocols, enabling an attacker to eavesdrop on all the keystrokes typed by the victim from several hundred feet away using less than $100 of equipment. This means an attacker can see personal and private data such as credit card numbers, usernames, passwords, security question answers and other sensitive or private information all in clear text.
It sounds like something out of a Mission: Impossible movie. Someone could potentially record your private keystrokes from hundreds of feet away and you wouldn’t even know it. This could all be avoided if you had a wired keyboard—or a wireless one that didn’t use cheap parts.
Keysniffer is by no means the first wireless vulnerability to be discovered, and I’m sure it won’t be the last. We hope the companies that make these wireless devices will take user security seriously by using protocols, such as Bluetooth, that are encrypted.
You can learn more about Keysniffer at Bastille’s website.