MouseJack Researchers Uncover Major Wireless Keyboard Vulnerability

KeySniffer attack shows two-thirds of low-cost wireless keyboards prone to keystroke capture and malicious keystroke injection.

The same researchers who earlier this year
uncovered glaring vulnerabilities in many wireless mice
today announced a new major flaw in the majority of the markets low-cost wireless keyboards that puts users at risk of having attackers remotely sniff all of their keystrokes and even inject their own malicious keystroke commands from distances of up to 250 feet away.
Dubbed
KeySniffer
by the Bastille Research Team who found it, the vulnerability puts any password, credential, security secret, or intellectual property byproduct that is typed, at risk of eavesdropping and capture by attackers. The affected manufacturers products do not encrypt data transmitting between their keyboards and the USB dongle that wirelessly connects it to a computer.
According to Marc Newlin, the member of Bastille Research Team who made the discovery, eight of the 12 manufacturers tested for KeySniffer were vulnerable, including Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec.
Whereas previous wireless keyboard attack discoveries such as 2010s KeyKeriki and 2015s KeySweeper exploited weaknesses in Microsofts encryption for its keyboards, this one is different because it shows that the affected manufacturers didnt encrypt transmissions at all. Even worse, attackers can sniff out KeySniffer-prone victims without them actively typing at their workstation.
Previously demonstrated vulnerabilities affecting wireless keyboards required the attacker to first observe radio packets transmitted when the victim typed on their keyboard, Newlin says. The keyboards vulnerable to KeySniffer use USB dongles which continuously transmit radio packets at regular intervals, enabling an attacker to quickly survey an environment such as a room, building, or public space, for vulnerable devices regardless of the victim’s presence.
As a result, it becomes all the easier for attackers to quickly find vulnerable devices and set up shop to capture information once the user does start to type. Whats more, the flaw also makes it possible to inject malicious keystrokes into the victims machine, opening up a whole other world of attacks for the bad guys, including easier installation of malware, exfiltration of data, or execution of malicious commands, without any user interaction required.
The KeySniffer attack is made possible by a common vulnerability in undocumented USB transceivers from MOSART Semiconductor, Signia Technologies, and one unknown manufacturer, all of which Bastille reverse-engineered in order to properly examine data it found through exploratory attacks. The packet capture itself was conducted using an amplified USB dongle called the Crazyradio PA[6], which is more commonly used on open-source drones and for which Bastille developed custom firmware and software to communicate with the keyboards vulnerable to KeySniffer.
Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada July 30 through Aug. 4, 2016. Click for information on the
conference schedule
and
to register.
According to researchers, this vulnerability fortunately does not affect Bluetooth and higher-end wireless keyboards, including those from Logitech, Dell, and Lenovo, none of which were impacted. However, the bad news is that keyboards that are susceptible to KeySniffer cannot be upgraded and the risk can only be mitigated by replacing them.
This vulnerability discovery by Bastille is the second peripheral attack found by the firm in five months. The first was MouseJack, a similar flaw in non-Bluetooth mouse devices that also had them transmitting information in the clear.
Related Content:
10 Hottest Talks at Black Hat USA 2016
Meet The Teams In DARPAs All-Machine Hacking Tournament
Locking Down Windows 10: 6 New Features

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
MouseJack Researchers Uncover Major Wireless Keyboard Vulnerability