Wireless Keyboards are easily hacked

Wireless keyboards can be intercepted, very easily. This is something you should be aware of not only when purchasing new equipment but when using someone else’s computer. There’s no real defence against it either, other than using a wired keyboard.

Before I explain the risks let me point out which keyboards it does and doesn’t affect:

  • All keyboards using a 27MHz transmitter are at risk (which includes most of them)
  • Keyboards that advertise "wireless encryption" or "secure" features are also at risk
  • Bluetooth keyboards are safer (though these are generally more expensive)

typewriter The risks of such an "attack" should be obvious – other people within range could be recording every keystroke. This includes the address of websites you go to, usernames, passwords, the contents of emails, chat conversations, etc.

In a business environment this would be a critical breach of security. Giving away passwords, trade secrets, and other sensitive information is quite serious, and in a lot of cases criminally irresponsible. Wireless keyboards that fall into the "at risk" categories above should be banned.

At home the risks are just as serious. Anyone using a home computer to do internet banking should immediately recognise the dangers of giving away too much information (i.e. finding a large amount of money removed from your bank account). Again, either use a wired keyboard at home, a Bluetooth wireless keyboard (expensive), or limit the keyboard & computer’s use to trivial tasks such as gaming.

How does the attack work?

Well, it seems there are only 256 possible encryption codes, so hackers have cleverly written software that tries them all within seconds. Then there are other tricks they use to break the encryption that some keyboards use (for the IT savvy reader, it’s an XOR protocol).

So it takes about 20 to 50 keystrokes before enough information can be gathered to break the encryption.

How close does one need to be to "sniff" wireless keyboard signals? Usually it’s 4-8 feet, or 1-3 metres. But with more powerful aerials this can be extended much further (hundreds of metres).

Also keep in mind that Bluetooth generally isn’t a very security protocol. It’s only considered safer because of how easy it now is to hack normal wireless keyboards. But you shouldn’t use it to keep million dollar secrets.

There’s a video here demonstrating how it works (warning, it’s geeky and technical): Wireless keyboard hacking.

So go back to wired keyboards, they not only more reliable and more secure, they don’t have batteries that need replacing or recharging.

Leave a Reply

Your email address will not be published. Required fields are marked *