7
2
At work I am using a wireless mouse and keyboard. I was sitting at my desk this morning wondering if and how they are secured against key loggers.
What stops another device from listening to my key strokes and looking for things like:
www.mybank.com<tab>1111222233334444<tab>mypassword
Is the assumption that the range on these devices is too small to be listened to by a malicous person?
sixtyfootersdude
Posted 2011-05-19T13:49:22.167
Reputation: 6 399
5
Wireless keyboards should be considered insecure unless they specifically state they use channel encryption.
Do a google search for 'keykeriki' - it's a sniffing tool for wireless keyboards.
eg: http://www.symantec.com/connect/blogs/wireless-keyboard-vulnerability
Linker3000
Posted 2011-05-19T13:49:22.167
Reputation: 25 670
1
Some manufacturers use AES encryption for selected or all keyboards that communicate with custom USB radio receiver, or implement Bluetooth which has its own security stack. Others only XOR data with certain value (e.g. MAC address) which is more of an obfuscation than encryption.
Here is an explanation from security researcher how he managed to capture communication of Microsoft Comfort Desktop 5000 http://travisgoodspeed.blogspot.com/2011/02/promiscuity-is-nrf24l01s-duty.html
When it comes to wireless mice - many manufacturers don't use encryption (excluding Bluetooth devices) - I guess they assume that information about right/left key presses and screen coordinates is not confidential.
user44
Posted 2011-05-19T13:49:22.167
Reputation: 151
0
It is possible to "sniff" the transmission, but yes due to the limited range and the fact that most of the devices are "paired" to one another it is harder to "sniff" this signal, than ,for example, cracking the wireless and collecting packets from there.
xciter
Posted 2011-05-19T13:49:22.167
Reputation: 524