Is Your Wireless Keyboard Plotting Against You?

We’re all using wireless these days. Wireless headphones, surveillance systems, x-box controllers, even wireless speakers. No one thinks about security to protect your music or video game scores – but your computer? That’s a completely different story.

When it comes to wireless computing, security is a must. All wireless devices are subject to compromise. Consider the information that travels from your fingers, through your keyboard, into your computer, and over your internet connection.

Wireless Keyboard Alert

A set of security vulnerabilities in some wireless keyboards called KeySniffer were recently identified. KeySniffer affects non-Bluetooth wireless keyboards from eight manufacturers, listed below:

Anker
EagleTec
General Electric
Hewlett-Packard
Insignia
Kensington
Radio Shack
Toshiba

If you are currently using a wireless keyboard from any of the above manufacturers, please beware!

These wireless keyboards are susceptible because they use unencrypted wireless radio communication protocols which allow an attacker to eavesdrop on your keystrokes.

Think about all the sensitive information you may enter via the keyboard. It’s amazing, really – we regularly type and send THE most sensitive information – Social Security Numbers, banking information, user names, passwords, personal details – for ourselves, our clients, and our patients. This information is transmitted without encryption, so it can be collected in clear plain text and be immediately usable.

financial passwords
usernames
critical business information
client data
patient information (PHI / ePHI)
credit card numbers
and more

KeySniffer allows an attacker to collect this sensitive, private information using less than $100 of equipment. This means an attacker could capture details from several individuals at once, maximizing the return on their measly $100 investment.

The small USB transmitters (also called dongles) which allow a wireless keyboard to be ‘wireless’ constantly transmit a signal, regardless of any active keystrokes from the keyboard. This continuous signal allows to hacker to ‘sniff’ an area for vulnerable devices and select the most target-rich environment for illegally collecting private data.

This is important security information you can use to protect yourself, your business, and your clients/patients from fraud. Local hackers can easily be down the street in a car, recording your every keystroke, just waiting to hack into your network.

Watch the video for a simple demonstration – http://www.keysniffer.net/video

List of affected devices: http://www.keysniffer.net/affected-devices/

MouseJack – https://www.wired.com/2016/02/flaws-in-wireless-mice-and-keyboards-let-hackers-type-on-your-pc/

What’s The Solution?

CHECK your wireless keyboard. Flip it over to locate the manufacturer and model number.
COMPARE this to the list of affected equipment. If it matches, unplug your wireless keyboard dongle NOW!
REPLACE the affected equipment. Ditch the unencrypted wireless keyboard for a Bluetooth-enabled, more secure model. Alternately, you can always revert to a higher-quality USB wired keyboard.

If you don’t have time to shop or have any questions, just give us a call. We’re happy to help.

Always acting in your best interest,

Eric

Action DataTel
Security (slightly paranoid) Warriors