Story 2016-08-01 1P52K KeySniffer malware exploits cheap wireless keyboards

KeySniffer malware exploits cheap wireless keyboards

in security (#1P52K)
A vulnerability in inexpensive wireless keyboards lets hackers steal private data, security company Bastille reported this week. The vulnerability lets a hacker use a new attack the firm dubbed "KeySniffer" to eavesdrop on and capture every keystroke typed from up to 250 feet away.

Affected keyboards are made by eight companies: HP, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric and EagleTec.

The vulnerable keyboards are easily detected because the USB dongles they use are always transmitting synchronization packets to let the keyboard find them, whether or not they're in use. The synchronization packets contain the unique identifier for the keyboard or dongle. Once a vulnerable keyboard is identified, the hacker uses the identifier to filter wireless transmissions for the keystrokes sent by the target keyboard.

Hackers not only can steal data, but also can inject keystrokes to type remotely on a vulnerable computer, installing malware or stealing data.

None of the affected keyboards can be patched, and the safest option is to switch out to a Bluetooth keyboard -- or better yet, a wired keyboard, Bastille's Marc Newlin said.

Logitech? (Score: 1)

by reziac@pipedot.org on 2016-08-02 17:18 (#1P93T)

I don't see Logitech on that list. Nor does it tell me which are rebadged and made by whom.

Seems to me there should be a simple utility folks can use to determine vulnerability.