Keysweeper: proof that it’s relatively simple to hack a wireless keyboard

Have you ever worried about how secure that wireless keyboard you’re using really is? A lot of Microsoft wireless keyboards are not very secure: they’re poorly encrypted, making it an easy target for a moderately skilled tech person to create a device to hack it.

For just $10, a hacker can create a camouflaged USB charging device that tracks everything you type on a keyboard. Security researcher and hacker Samy Kamkar developed the device and called it Keysweeper: a cheap and functioning USB wall charger that sniffs and hacks keystrokes made on nearby wireless keyboards and then sends it to the hacker remotely. Samy listed his research on his website on which it shows readers a step by step tutorials on how to create one.

Device can alert the hacker by SMS if certain information is typed, such as a credit card number

keysweeperKeysweeper sniffs, decrypts, logs and reports all your keywords that you enter into any wireless Microsoft keyboard. It can store and log all your input in several ways: on a chip for retrieval later, online and even onto the creator’s mobile phone. Samy’s website even explains how someone can create a similar device with a GSM chip included that can send all the input to the creator’s mobile phone. It can be programmed to send the creator a text message whenever certain keywords such as passwords, a credit card number or bank information is entered. The Keysweeper recharges when plugged in and runs off of battery when not connected to a power source.

To people being spied on, it looks like just another USB charger plugged into a wall socket making it the ultimate hacking weapon for use in public places with internet. The creator can simply put the device into a wall socket of a local library, even a business, and spy on everyone who uses a wireless keyboard nearby.

Wireless keyboard hacking: the next hacking trend?

Wireless keyboard hacking is not new. When you Google “wireless keyboard hacks” you’ll find plenty of examples. The ultimate goal of many hacks, including a wireless keyboard hack, is to get access to sensitive information such as bank accounts and passwords. The key advantages of the wireless keyboard hack over a traditional hack from a hackers perspective are:

  • The hacker doesn’t need physical access to the target PC.
  • The device is not recognizable as a spy device, while a USB stick on a target machine used in traditional hacks would be.
  • It can be a cheap and quick way to get access to a user’s keywords and ultimately passwords.

Keysweeper is an example of a sniffer. A sniffer is a program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network’s security because they are hard to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker’s arsenal.

Are wireless keyboards a security risk?

wireless_keyboardTechnically, all wireless keyboards are encrypted. But the XOR-encryption built into certain Microsoft wireless keyboards can relatively easily be hacked. XOR works by using the boolean algebra function exclusive-OR (XOR). XOR is a binary operator, meaning that it takes two arguments. By itself, using a constant repeating key, a simple XOR cipher can trivially be broken using frequency analysis.

Microsoft still sells wireless keyboards with XOR encryption, as was also pointed out by Samy since he bought the keyboard he used for his research a few weeks before at a local Best Buy store. So, unless people pay attention to what type of encryption the keyboard that they buy has, they can be vulnerable to these type of exploits. The fact that anyone with mediocre tech skills can develop a similar device for just $10 or less, is scary.

Microsoft released a statement today in response:

“Keyboards from multiple manufacturers are affected by this device. Where Microsoft keyboards are concerned, customers using our Bluetooth-enabled keyboards are protected from this type of attack. In addition, users of our 2.4GHz wireless keyboard designs from July 2011 onwards are also protected because these keyboards use Advance Encryption Standard (AES) technology.”

Going for a bluetooth or wired keyboard is still your best bet. You may have to consider whether that extra piece of wire is a price you want to pay for extra safety.

Have a great (malware-free) day!

  • Sam0077

    Thankfully more by luck than judgement have a MS 3000 wired keyboard – but also a wireless M$ mouse and heard these are a risk in a different field EF along with my modem which is WIFI with no off WIFI button when using only desktop with is hard wired anyway and protected – but exposed when turn on for rest of family to log on on their devices etc. Bit of a worry that too. Emisoft has excellent reputation.

  • ᅠᅠᅠ

    This is not really surprising, and wireless keyboards are definitely a prime target for hacking. Set yourself up in a reasonably populated office block or residential building, and hope for some credit card payments or webmail logins. With all the reports on supposedly highly secure systems having been hacked, nobody using wireless keyboards should feel safe, no matter how well the manufacturers claim the transmissions are being encrypted.

    I kind of get the point of these keyboards for mobile devices or home entertainment systems. But they really don’t make the slightest bit of sense in a regular setting, i.e. on a desk. They’re not being moved around like a mouse is, so there is usually zero benefit to not having wires, while there are a lot of downsides: battery requirement, interference when several people use wireless input devices, signal strength problems (my wireless Logitech mouse doesn’t work through my 1-inch wooden table top, I had to move the receiver to the front USB ports), and of course the mentioned security issues. Which is why I don’t get why manufacturers almost only push the wireless keyboards anymore. Simply because of the higher profit margin?

    I’d never buy a wireless keyboard, even though it gets increasingly hard to find wired ones with at least the slightest convenience features (I like having a few media keys to at least play and pause my background music player). I mostly go for OEM keyboards now, which are not meant for sale to end customers, but PC manufacturers and such. Apparently at least the professional buyers still have some sense.

  • David

    What is the maximum range of devices such as this.