Are Wireless Keyboard Inherently Insecure?

We all know about hardware keyloggers, but it seems to me that the concept of filtering keystrokes at the physical level gets even easier when people use wireless keyboards. To my knowledge, a wireless keyboard more or less just encodes ASCII characters, and then beams them to the little USB dongle via ~2.4GHz RF.

Isn't it technically possible to intercept these transmissions if you got close enough to someone [say, the next cubicle over?] with something like this and have essentiallty a wireless keylogger? Are these keyboard transmissions encrypted in any way? Is there any way to defend against this if they aren't?

Catatonic27

Posted 2015-02-08T19:15:09.347

Reputation: 611

I found a question on ServerFault about this problem.

– VL-80 – 2015-02-08T19:19:40.127

@Nikolay: Thanks for the comment! That thread looks like it's specifically about Bluetooth. I'm more worried about the cheaper Logitech-style keyboards that require no manual pairing. – Catatonic27 – 2015-02-08T19:33:19.713

Answers

Are wireless keyboards inherently insecure? No... And yes.

Most of the brand name vendors of wireless peripherals such as Logitech and Microsoft encrypt the wireless signals of their devices. This does add a layer of security. However, it is not foolproof. Just recently, the encryption of Microsoft's wireless keyboard had been hacked.

However, does this mean wired keyboards are any more secure? They aren't broadcasting their keystrokes over the air... or are they? What happens when you press a key? It makes a sound - vibrations in the air. There have been numerous articles about the ability to eavesdrop on a keyboard by the sound the keys make.

Both of these methods of cracking security do require the attacker to be fairly close to the computer he is trying to compromise. This is as close to being physically there as you can be without being right at the computer. It is always assumed that, if a hacker has physical access to a machine, they can get full control.

In my opinion, it is far easier to just use a keylogger, physical or software, than to try to intercept and decrypt wireless signals. I would trust a wireless keyboard in most situations, except for high security needs.

Keltari

Posted 2015-02-08T19:15:09.347

Reputation: 57 019

Thanks for the comment! I guess that makes sense. The kind of close proximity they would need to compromise a keyboard that way already makes your security slightly inert. I'm taking some security classes right now, and doing a lot of research and I'm beginning to discover just how sickeningly easy it is to compromise a computer if you have physical access to it. – Catatonic27 – 2015-02-08T19:37:45.617

@Catatonic27 Physical access and naive users are a bigger threat to computer security than anything else. – Keltari – 2015-02-08T19:42:16.147

It is not just wireless keyboards that are insecure. Take a look at these people. They managed to intercept keystrokes from a standard wired (and wireless) keyboards from 60 feet away. With a normal keyboard and an interested attacker you are not gonna be safe.

They also have a whitepaper found here or here

birdman3131

Posted 2015-02-08T19:15:09.347

Reputation: 662

While the linked article is scary (compromising wired keyboards), it's a bad idea to think "well, wired are hacked, so there's nothing we can do, oh well". The thing to do in this case is to test wired keyboards for these vulnerabilities, release a standard showing which are secure/insecure, and get consumers to vote with their dollars towards the better standard, in the hopes it drives manufacturers to design keyboards with security in mind. – linagee – 2019-07-29T22:08:07.887

I was once called to a security incident in which case a user thought their computer had been compromised.

Long story short, the user had two low-end 2.4Ghz Microsoft keyboards that he had paired to the same reciever and a co-worker had come by on lunch and borrowed his extra keyboard. I still don't know how to this day (and haven't thought a lot/researched much since but I suspected multi-pairing or RF channel overlap), but when the co-worker paired this keyboard to his dongle and he typed on the keyboard, it also typed characters on the other guy's screen.

Needless to say it was quite hilarious once we figured it all out. It's also (unfortunately) one of my better IT stories.

Essentially, yes physical attacks are possible and devastating. I mimic the above answerer's reference to the recent discovery of a flaw in Microsoft's implementation of encryption, but let's not forget that lots of security breaches utilize tools and features that are known and recognized by the tool manufacturer and are simply used maliciously as opposed to how a standard target demographic user may use them.

PTW-105

Posted 2015-02-08T19:15:09.347

Reputation: 223