Guest writer Rick Robinette, one of my favorite Blogging buddies, explains why he’s concerned with the security of wireless keyboards.
I was sitting here typing on my wireless keyboard wondering what I could write about and explore next; when, low and behold it hit me. Are wireless keyboards secure? In other words, could another person intercept my keystrokes as I typed from my wireless keyboard? If this is possible, this is not good.
In my case I am an internet junkie and my credit card numbers, usernames and passwords to all of my accounts, could be stolen. I know as an IT professional that wireless networking can be a security risk; so why not wireless keyboards.
During my research I soon found out quickly from an article at Enterprise Security Today, titled “Symantec Warns of of Wireless Keyboard Security Threat”, that a new form of attack aimed at users of wireless keyboards had been uncovered.
Excerpts from that article:
The warning follows the release of Keykeriki, an open-source “sniffer” project that allows users to remotely decode wireless transmissions.
The project was created by a site called remote-exploit.org. “This open-source hardware and software project enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose only),” the site notes.
Symantec warned that, although the creator’s intentions appear honorable, making the software code and hardware schematics open to everyone means that criminals could use the software to eavesdrop on wireless keyboard inputs. [ Source: Enterprise Security Today ]
I then came across excerpts and a YouTube video with Steve Gibson, Security Expert and Founder of GRC.com (makers of the Spinrite hard drive data recovery software), being interviewed by Leo Laporte (from the “The Lab with Leo Laporte”) regarding “The Frightening Insecurity of Wireless Keyboards” (see excerpts and video below).
Having a keystroke logger installed on a computer is one of the worst things that can happen. But what it everything you type on your wireless keyboard can be easily intercepted by a neighbor or office worker?!!! It turns out, it probably can be.
Leo and I will examine and describe the incredibly weak “encryption” used on Microsoft’s 1000 and 2000 series (and probably other) wireless keyboards to show how easily that encryption can be broken to allow anyone within “radio range” to log everything typed.
If you Google: “wireless keyboard encryption” right now you’ll find a number of links to articles about the recent revelation of how simple Microsoft’s wireless keyboard encryption is. [ Source: The Lab with Leo Laporte ]
Needless to say, following my reviews of this information, I am considering going back to a wired keyboard; at least until the wireless keyboard manufacturers can responsibly demonstrate that the data being transmitted from my keyboard to the receiver is encrypted and is not at risk of being intercepted.
This is a guest post by Rick Robinette, who brings a background as a security/police officer professional, and as an information technology specialist to the Blogging world.
Why not pay a visit to Rick’s site at What’s On My PC. Like me, you’re sure to become a frequent visitor.