Microsoft Wireless Keyboards Allegedly Susceptible to Keylogger Disguised as USB Charger

keysweeper_sniffer_samypl.jpg
Security researcher Samy Kamkar, well known for his prolific and creative work in exposing vulnerabilities on the Web and in various electronic products, has released details of a keylogger that can sniff keystrokes transmitted from several models of Microsoft wireless keyboards. The device is so tiny that it can be hidden inside common products. Kamkar has shown off a working device hidden inside a USB charger and, thus completely disguising it.
As noted by Ars Technica, the device, called KeySweeper, sounds like something right out of a spy movie. It works because Microsoft uses weak security to encrypt the proprietary connection between the wireless keyboards and their receivers. Making matters worse, each keyboard's wireless MAC address, which can easily be skipped, is used as the encryption key.
keysweeper_sniffer3_samypl.jpg
The hardware required is a tiny Arduino or Teensy board with a Nordic Semiconductor nRF24L01+ radio frequency transceiver. The design is customisable enough to allow for a battery, SIM card and integrated flash storage. Using these components, the KeySweeper could be hidden inside any ordinary-looking product and work even if it was lying on a table or in a drawer near the intended victim. An entire device can be assembled for less than $10 (approximately Rs. 620). 
Kamkar has published details including schematics and source code on his website. He also warns anyone trying to replicate the device that it is potentially dangerous to modify chargers, which plug directly into AC outlets. The device can just as easily receive power from any other source.
KeySweeper could either store keystrokes locally or transmit them via cellular networks. Going beyond this, the device could even send SMS messages to grab an attacker's attention when specific keywords such as usernames, web addresses, etc are typed.
Kamkar claims he purchased a brand new Microsoft wireless keyboard from a retail chain in order to demonstrate the vulnerability. Microsoft, however, has issued a statement to Ars Technica which claims that only devices sold prior to July 2011 are affected, since the company started using better AES encryption at that time. Wireless keyboards using Blueooth rather than proprietary RF are not susceptible to KeySweeper.

Comments

Post a Comment

Popular posts from this blog

Image
Micromax A115 Canvas 3D review Anupam Saxena ,  June 13, 2013 Micromax is following Samsung's footsteps in milking its flagship brand, Canvas series, adding new handsets across price segments with differentiated features. The Canvas 3D is one such effort. The company aims to lure users by offering a 3D smartphone at a never heard before price point. While phones with 3D display including offerings from LG and HTC have failed to create a niche for themselves after the initial buzz, we try to find out if the Canvas 3D offers something different. Design/ Build The Micromax A115 Canvas 3D sports the same 'phablet' form factor that we've seen in the A110 Canvas 2.  The phone is broad and bulky, and there's nothing that we've not seen so far, in terms of design. The 5-inch screen dominates the front along with markings for three capacitive touch buttons below the display, and the earpiece, front facing camera and proximity sensor above it. Just like t
Read more

6 ways to turn your USB pen drive into the ultimate powerhouse

Image
Any external USB storage drive, be it a pen drive or a hard drive, is used primarily for that reason - storage. But then, you knew there was more to it than that, didn't you? So let's find out today what else can be done with these tiny and innocuous looking pen drives. I can bet that some of these tricks will pleasantly surprise you. 1. Use it to run Dropbox or Google Drive on other computers You start working on someone else's, or may be a public computer and you realise that all your important files are on Dropbox (or Google Drive). And you've always hated their web versions. What do you do now? How about a thumb drive running the portable version of those tools? Dropbox portable should be available in the PortableApps suite or you could  set it up separately . Google Drive portable can be used  via SyncDocs . 2.Install a full-featured apps suite Using a full-featured apps suite is one of the most common ways to get the most out of your USB pen driv
Read more

GTA V pre-order delivery 'delayed' on Flipkart

Image
Flipkart's customers who pre-ordered GTA V, and were expecting their copies to arrive on launch day Tuesday, September 17, will be bitterly disappointed, as the Indian online retailer has informed them by email that the games will be only shipped from Mumbai on September 16 night, and take 1-2 days to reach them, depending on their location. GTA V is one of the most anticipated game releases of 2013, and is widely expected to be Rockstar Games' biggest cash cow yet. The game, which will initially only be released for the Sony PlayStation 3 and Microsoft Xbox 360, is priced at Rs. 2,999, with fans having to dish out Rs. 3,999 for the special edition. Those who pre-ordered were offered freebies to sweeten the deal - including a GTA Double-Sided Poster, Metallic V Locket and Atomic Blimp DLC. Flipkart's email reads: "Please note that due to publisher regulations we are not permitted to start shipping before the evening of September 16th and since we are going to
Read more