Keysweeper: proof that it’s relatively simple to hack a wireless keyboard

Have you ever worried about how secure that wireless keyboard you’re using really is? A lot of Microsoft wireless keyboards are not very secure: they’re poorly encrypted, making it an easy target for a moderately skilled tech person to create a device to hack it.

For just $10, a hacker can create a camouflaged USB charging device that tracks everything you type on a keyboard. Security researcher and hacker Samy Kamkar developed the device and called it Keysweeper: a cheap and functioning USB wall charger that sniffs and hacks keystrokes made on nearby wireless keyboards and then sends it to the hacker remotely. Samy listed his research on his website on which it shows readers a step by step tutorials on how to create one.

Device can alert the hacker by SMS if certain information is typed, such as a credit card number

keysweeperKeysweeper sniffs, decrypts, logs and reports all your keywords that you enter into any wireless Microsoft keyboard. It can store and log all your input in several ways: on a chip for retrieval later, online and even onto the creator’s mobile phone. Samy’s website even explains how someone can create a similar device with a GSM chip included that can send all the input to the creator’s mobile phone. It can be programmed to send the creator a text message whenever certain keywords such as passwords, a credit card number or bank information is entered. The Keysweeper recharges when plugged in and runs off of battery when not connected to a power source.

To people being spied on, it looks like just another USB charger plugged into a wall socket making it the ultimate hacking weapon for use in public places with internet. The creator can simply put the device into a wall socket of a local library, even a business, and spy on everyone who uses a wireless keyboard nearby.

Wireless keyboard hacking: the next hacking trend?

Wireless keyboard hacking is not new. When you Google “wireless keyboard hacks” you’ll find plenty of examples. The ultimate goal of many hacks, including a wireless keyboard hack, is to get access to sensitive information such as bank accounts and passwords. The key advantages of the wireless keyboard hack over a traditional hack from a hackers perspective are:

Keysweeper is an example of a sniffer. A sniffer is a program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network’s security because they are hard to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker’s arsenal.

Are wireless keyboards a security risk?

wireless_keyboardTechnically, all wireless keyboards are encrypted. But the XOR-encryption built into certain Microsoft wireless keyboards can relatively easily be hacked. XOR works by using the boolean algebra function exclusive-OR (XOR). XOR is a binary operator, meaning that it takes two arguments. By itself, using a constant repeating key, a simple XOR cipher can trivially be broken using frequency analysis.

Microsoft still sells wireless keyboards with XOR encryption, as was also pointed out by Samy since he bought the keyboard he used for his research a few weeks before at a local Best Buy store. So, unless people pay attention to what type of encryption the keyboard that they buy has, they can be vulnerable to these type of exploits. The fact that anyone with mediocre tech skills can develop a similar device for just $10 or less, is scary.

Microsoft released a statement today in response:

“Keyboards from multiple manufacturers are affected by this device. Where Microsoft keyboards are concerned, customers using our Bluetooth-enabled keyboards are protected from this type of attack. In addition, users of our 2.4GHz wireless keyboard designs from July 2011 onwards are also protected because these keyboards use Advance Encryption Standard (AES) technology.”

Going for a bluetooth or wired keyboard is still your best bet. You may have to consider whether that extra piece of wire is a price you want to pay for extra safety.

Emsisoft Enterprise Security + EDR

Robust and proven endpoint security solution for organizations of all sizes. Start free trial

Have a great (malware-free) day!

Senan Conrad

Senan Conrad

Senan specializes in giving readers insight into the constantly and rapidly changing world of cybersecurity. When he’s not tapping away at his keyboard, he enjoys drinking a good coffee or tinkering in his workshop.

What to read next