If they can do it to a wireless mouse, then a keyboard is actually rather straightforward. Wireless peripherals suffer from the same basic limitations and risks present in the growing legion of internet devices proliferating our society. Almost none of them have any kind of security, a fact that hackers are well aware of.
Recently, wireless security vendor Bastille has reported a critical vulnerability across at least eight major brands of wireless keyboards that allow hackers read keystrokes entered by a user from up to 250 feet away. All they need is a dongle that can be fashioned from off the shelf technology for less than a hundred dollars.
Theirs was not an especially rigorous study, and the researchers simply tested the keyboards they had readily available, so they were quick to point out that the problem may be much more widespread than their report indicates – additional testing is needed. However, their findings were disturbing enough, with the vulnerability impacting wireless keyboards made by:
All of these use transceivers from MOSART semiconductors, save for the keyboards made by Toshiba, which use transceivers from Signia Technologies and GE, which uses transceivers from an unknown supplier.
All of the transceivers have something in common. They all operate on the 2.4 GHz ISM radio band. This band lacks standards for how secured data should be transmitted, leaving it up to each vendor to come up with its own methodology…or not. Most vendors, being cost conscious, simply opt not to.
The researchers created a wireless dongle that fit into the attacker’s laptop that was based on an existing dongle used to control a cheap quadracopter drone. Using the modified dongle, they were able to scan for, and lock onto the signal of wireless keyboards. Once locked on, they could start capturing keystrokes from as far as 250 feet away, with an accuracy of 100%.
This underscores the incredible dangers that unsecured peripherals pose. To a determined hacker, it’s never been easier to breach your company’s defenses.