Skip to main content

Your wireless keyboard could be secretly leaking unencrypted data to hackers

Researchers at security firm Bastille warn that many wireless keyboards can be very easily intercepted so hackers can see exactly what is being typed. With a very simple dongle called Keysniffer, it is possible to snoop on usernames, passwords and anything else that is being typed from up to 250 feet away.

In all, Bastille found that eight manufacturers produce keyboards - meaning there are millions in use - which use unencrypted radio communication to transmit easily captured clear text. The problem affects non-Bluetooth devices from the likes of Anker, Hewlett-Packard, Kensington and Toshiba.

The list of problematic, insecure keyboards has been published on the Bastille website, but the company warns that it should not be considered complete. "Please note: we have tested the above products, but this should not be considered an exhaustive list of all vulnerable keyboards. There may be other brands/models that are vulnerable to this, or other attacks".

While the problem is well known and not new, Bastille says that the companies have done nothing to either rectify the issue, or to warn users about it. The researchers explain:

"The keyboards susceptible to the KeySniffer vulnerabilities use undocumented transceivers, which necessitated the Bastille Research Team reverse engineering the physical layer and radio frequency packet formats before the data could be examined. Vulnerable keyboards from Hewlett-Packard, Anker, Kensington, RadioShack, Insignia, and EagleTec use transceivers from MOSART Semiconductor. Vulnerable keyboards from Toshiba use transceivers from Signia Technologies, and vulnerable keyboards from GE/Jasco use an entirely unknown transceiver.

The solution? Switch to a wired keyboard, or upgrade to a decent Bluetooth keyboard that offers some level of security. Upgrading is important as in many cases there is no fix due to the impracticality, or impossibility, of updating keyboard firmware.

Photo credit: eagle_marat / Shutterstock