Article 4B70A How a wireless keyboard lets hackers take full control of connected computers

How a wireless keyboard lets hackers take full control of connected computers

by
Dan Goodin
from Ars Technica - All content on (#4B70A)
fujitsu-901-keyboard-800x599.jpg

Enlarge (credit: Fujitsu)

There's a critical vulnerability in a model of Fujitsu wireless keyboard that makes it easy for hackers to take full control of connected computers, security researchers warned on Friday. Anyone using the keyboard model should strongly consider replacing it immediately.

The Fujitsu Wireless Keyboard Set LX901 uses a proprietary 2.4 GHz radio communication protocol called WirelessUSB LP from Cypress Semiconductor. While the keyboard and mouse send input that's protected with the time-tested Advanced Encryption Standard, the USB dongle that accepts the input accepts unencrypted packets as well, as long as they're in the proper format.

Researchers with the Germany-based penetration-testing firm SySS developed a proof-of-concept attack that exploits the insecure design. Using a small hardware device, they are able to send commands to vulnerable Fujitsu keyboard receiver dongles that are within range. As the video below demonstrates, the researchers were able to send input of their choice that's automatically funneled to the connected computer.

Read 7 remaining paragraphs | Comments

index?i=W0PcJbqCXMI:5nPdPLvJBow:V_sGLiPB index?i=W0PcJbqCXMI:5nPdPLvJBow:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments