http://www.theatlantic.com/technology/a ... newsletter
http://www.keysniffer.net/
Popular wireless keyboards are not as secure as you might think. A security researcher has found some models don't have encryption. A list of models is provided.
And keysniffer is the tool that helped make the discovery.
Concern over wireless keyboards
Re: Concern over wireless keyboards
this story comes out every few years. no, wireless keyboards are not secure. i would never type credit card details into one. but probably no one is listening when i do. still, why broadcast credit card details over the radio?labbe5 wrote:Popular wireless keyboards are not as secure as you might think. A security researcher has found some models don't have encryption.
i had an infrared keyboard at one point. but it was ps2-based.
a ps/2 keyboard can be read by anyone that taps into your electrical wiring, puts a meter on it and reads the meter needle with a laser. but thats still more work than it takes to get your wireless keyboard data (sometimes?)
even if you have a secure wireless keyboard (if one exists and you own it) chances are someone will just replace it with a less secure one, because ergonomics, or coffee. or cheaply made keyboards.
for a tablet, wireless is usually the only option.
microsoft makes a "laptop" with a wireless keyboard "built in," doesnt it?
-
- Posts: 1885
- Joined: Tue 05 Jun 2012, 12:17
- Location: Wisconsin USA
And the working range of a wireless keyboard is?
I think it would need to be a pretty persistent hacker to differentiate between the dozen keyboards in my office.
If you lose the receiver for one it is nigh impossible to get a replacement.
I think it would need to be a pretty persistent hacker to differentiate between the dozen keyboards in my office.
If you lose the receiver for one it is nigh impossible to get a replacement.
"Just think of it as leaving early to avoid the rush" - T Pratchett
it means you should consider using a wired usb keyboard for banking, until you read enough stories about people reprogramming the usb controller to infect your keyboard controller. a "usb condom" wont help in this case, because your keyboard is supposed to transmit data to usb, not just power from it.bark_bark_bark wrote:Does that mean for banking, you might want to pull out the trusty ol' IBM/Lexmark Model M keyboard? BTW, I would buy one if they weren't so expensive.
but also dont do online banking in a large apartment building with hackers living in it that can listen in over the electrical wiring
in short-- do whats reasonable. imo that means no banking over wireless keyboard (including bluetooth.) use wires. or just go to the atm-- but as we know, that has its own caveats.
im happy to use the atm personally, and i would be happy to use a (wired) usb keyboard for online banking, on a gnu/linux distro with an up-to-date browser, up-to-date kernel and dns, and up-to-date version of bash. in the future perhaps usb wont be secure enough, though for now i think its "probably ok." if youre going to use wireless at least avoid the models you know are not secure. what else can you do?
most logitech models (keyboard and mouse) can be reprogrammed using a small utility they offer for download, so if you have a 2-year-old logitech wireless keyboard and brand new mouse, you might get the adapter to work for one or the other other both (up to several devices.) its practically less trouble than pairing a bluetooth device.If you lose the receiver for one it is nigh impossible to get a replacement.
the range was mentioned in the op. i agree its a minor concern, but i dont get why people are so non-chalant about it. its not great security if people can listen to the radio broadcast of your passwords and credit card info-- and the idea of not being able to distinguish between those broadcasts is pure wishful thinking.
how many keyboards do you type on a the same time? its not like theyre sending steganographic noise to fool people the rest of the time. and the basic support software has no trouble distinguishing between the noise of your mouse and the keys of your keyboard.
Quite honestly I am not going to worry about it - especially at home.
I think a lot of these reports are generated by these security people just to justify their own existence most of the time. I can't imagine a competent thief spending months sitting around my street trying to intercept keyboard presses from my once a month access to my bank.
They would probably find it easier to hack the wireless router or tap the phone cable anyway.
I think a lot of these reports are generated by these security people just to justify their own existence most of the time. I can't imagine a competent thief spending months sitting around my street trying to intercept keyboard presses from my once a month access to my bank.
They would probably find it easier to hack the wireless router or tap the phone cable anyway.
"Just think of it as leaving early to avoid the rush" - T Pratchett