KeySniffer – here’s what you need to know

A few months ago, US startup Bastille Networks announced research that showed how some wireless computer mice could be hacked by intercepting and manipulating the signals between the devices and your computer.

Now, Bastille has focused its efforts on wireless keyboards, and found that the situation was, well, worse.

Last time, they dubbed their attack Mousejacking. They’re branding this one KeySniffer.

Similar to Bastille’s previous Bug With An Impressive Name (or BWAINs, as we call them), keyboards that have the KeySniffer vulnerability transmit information unencrypted.

This means all keystrokes sent are in plaintext and can be easily read and recorded by anyone with the right eavesdropping hardware.

While you log in to your bank account and type away on your wireless keyboard, an attacker hundreds of feet away could find out what your credentials are, just by using inexpensive equipment (such as the $30 Crazyradio PA dongle) to intercept the wireless traffic between your keyboard and your computer.

Note that this is a passive attack – the attackers only need to listen in, and not to transmit at all – so you would have absolutely no way of knowing this was happening.

How widespread is the KeySniffer problem?

The Bastille research team found that eight of the twelve manufacturers whose keyboards they tested had this vulnerability. That may not sound like a large sample size, but these were all fairly common keyboards made by well-known manufacturers, such as HP.

Unfortunately the researchers also found that the vulnerable keyboards also can’t be patched or updated, meaning there’s no fix or update to install to secure a wireless keyboard that is vulnerable to KeySniffer. The only fix for a vulnerable keyboard is to stop using it.

This isn’t the first time that wireless keyboards have been found vulnerable to their traffic being “sniffed” by attackers. That almost makes it worse, since this isn’t anything new at all, so the fact that manufacturers are still making keyboards with this problem is worrisome indeed.

What to do?

  • Does your wireless keyboard require a USB dongle? (If not, and it’s a Bluetooth keyboard, then the KeySniffer research doesn’t apply to you at all.)
  • Is your keyboard on Bastille’s list of affected devices?

If “Yes” and “Yes,” it looks as though you aren’t going to be able to download an update or patch.

If you want to avoid the vulnerability you will have to switch to a different sort of keyboard, or one that isn’t on Bastille’s list.