KeySniffer Vulnerability Lets Hackers Snoop on Your Wireless Keyboards

If you're using a cheap wireless keyboard, you could be opening yourself up to a remote attack capable of intercepting your most sensitive data, according to recent findings from a cybersecurity company. The vulnerability could affect millions of devices and exposes users?EU? credit card data, bank account passwords, and any information typed into documents or emails.

The security flaw was uncovered by digital security company Bastille, which specializes in detecting and addressing threats targeting the Internet of Things (IoT). The company, which publicly announced its discovery earlier this week, said that the vulnerability affects keyboards made by eight manufacturers: Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec.

Sniffing Keystrokes 250 Feet Away

Bastille?EU?s research team named the attack technique ?EU?KeySniffer,?EU? since it allows hackers to ?EU?sniff?EU? the keystrokes from wireless keyboards at distances of up to 250 feet. When they conduct KeySniffer attacks, hackers can eavesdrop and capture all the keystrokes victims type in 100 percent clear text, according to the company.

?EU?When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,?EU? said Bastille research team member Marc Newlin, who discovered the KeySniffer flaw. ?EU?Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack.?EU?

Those eight manufacturers make the vast majority of inexpensive wireless keyboards, according to Bastille. The vulnerable devices are easy for hackers to detect, as they are always transmitting, whether or not the user is typing, Bastille said. As a result, a hacker can scan a room, building, or public area to discover vulnerable devices at any time.

The scope of the vulnerability is enormous. While other attacks might allow hackers to only access certain kinds of information or information that's delivered over certain...

Comments are closed.