
Insecurity of Wireless Keyboards

Steve Gibson responds to an inquiry about the insecurity of wireless keyboards, telling Security Now listeners that Microsoft wireless keyboards are so easy to intercept and decode that it's child's play:

Steve: Yup. Get a load of this. It's not a 1-bit shift register. It's a 1-byte static byte that is XORed with the data from the keyboard.

Leo: So would that be pretty easy to reverse engineer?

Steve: Leo, it'd be hard not to reverse engineer. It is horrifying. It's horrifying.

Leo: And this is true not just for Microsoft, but do other keyboards do it this way?

Steve: Well, apparently Logitech has recognized that this is a problem that's sooner or later going to get exposed. Microsoft's wireless keyboards do this. The 1000 series and the 2000 series have been examined. The 3000 and the 4000 have not been. But it appears to be the same for them. Logitech has, like, a secure connect...

Leo: They have an encrypted keyboard, yeah.

Steve: Yeah. And so they're boasting about that. But the extremely popular Microsoft keyboards, during the so-called "association phase," the keyboard chooses a random byte, one byte of randomness, and provides it to the reader. Then the keystrokes you type are XORed with that one byte. Which means, as we know, there are 256 possible combinations of one byte, that the one byte can have. All you have to do is suck in a bunch of characters, you know, wait a few minutes for someone to type 20 or 30, and then in a heartbeat you could check every possible byte. One of them will turn what they're typing into English or clear text or whatever language they're typing in. In that case, at that point, their keyboard is decrypted for all intents and purposes, deciphered. What this means, of course, is that in a situation where people are within sniffing distance, radio distance of a keyboard, you absolutely have to consider that it is not safe. Keyboards are using a low frequency, 27MHz, which is extremely easy to receive, meaning that in an apartment building, neighbors who have a wireless keyboard could have everything they're typing trivially decrypted, if it's at least on these Microsoft Series 1000 and 2000 keyboards, and probably other keyboards. So it's definitely a concern.

 Transcript of Episode 122, Security Now
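
Why a single static XOR byte gives no confidentiality, as an added example that is not part of the original post or the podcast: it XORs a constructed sentence with a constructed key byte, then scores all 256 possible keys by how English-like the output is. Modelling keystrokes as ASCII bytes is an assumption for illustration; the page does not describe the keyboards' on-air format.

```python
import string

# Constructed sample text and key byte; not captured keyboard traffic.
# Assumption: keystrokes are modelled as ASCII bytes for illustration only.
SAMPLE_TEXT = b"please send the quarterly report to finance today"
SAMPLE_KEY = 0x5A  # stands in for the random byte chosen at association

COMMON = b"etaoinshrdlu "  # most frequent English letters plus space


def xor_with_byte(data: bytes, key: int) -> bytes:
    """XOR every byte with the same static key byte (the scheme described)."""
    return bytes(b ^ key for b in data)


def english_score(candidate: bytes) -> int:
    """Crude plausibility score: reward common letters, punish binary junk."""
    score = 0
    for b in candidate.lower():
        ch = chr(b)
        if b in COMMON:
            score += 2
        elif ch in string.ascii_lowercase:
            score += 1
        elif ch not in string.printable:
            score -= 5
    return score


def rank_keys(ciphertext: bytes) -> list[tuple[int, int]]:
    """Score all 256 possible key bytes; best (score, key) first."""
    scored = [(english_score(xor_with_byte(ciphertext, k)), k) for k in range(256)]
    return sorted(scored, reverse=True)


def recover(ciphertext: bytes) -> tuple[int, bytes]:
    """Return the most plausible key byte and the text it yields."""
    _, key = rank_keys(ciphertext)[0]
    return key, xor_with_byte(ciphertext, key)


if __name__ == "__main__":
    ciphertext = xor_with_byte(SAMPLE_TEXT, SAMPLE_KEY)
    key, text = recover(ciphertext)
    print(f"keyspace searched: 256, recovered key byte: {key:#04x}")
    print(text.decode("ascii"))
```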





About

This page contains a single entry from the blog posted on January 8, 2008.
