Arthur T Knackerbracket has found the following story:
Millions of low-cost wireless keyboards are susceptible to a vulnerability that reveals private data to hackers in clear text.
The vulnerability – dubbed KeySniffer – creates a means for hackers to remotely “sniff” all the keystrokes of wireless keyboards from eight manufacturers from distances up to 100 metres away.
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two thirds) were susceptible to the KeySniffer hack.”
The keyboard manufacturers affected by KeySniffer include: Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec. Vulnerable keyboards are always transmitting, whether or not the user is typing. Consequently, a hacker can scan for vulnerable devices at any time. A complete list of affected devices can be found here.
Wireless keyboards have been the focus of security concerns before. In 2010, the KeyKeriki team exposed weak XOR encryption in certain Microsoft wireless keyboards. Last year Samy Kamkar’s KeySweeper exploited Microsoft’s vulnerabilities. Both of those took advantage of shortcomings in Microsoft’s encryption.
(Score: 0) by Anonymous Coward on Wednesday July 27 2016, @09:57AM
No wireless keyboards for me, but I did compromise on a wireless mouse. Also I don't trust touchscreen keyboards for valuable passwords.
(Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:06AM
What's the security risk here specifically, other than generic smartphone surveillance issues? Haptic feedback being recorded by a microphone?
(Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:14AM
Your fingerprints on the glass.
(Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:28AM
That could be solved by randomizing the position of keys when password fields are being used. Not a feature I've seen, but...
(Score: 1) by fraxinus-tree on Wednesday July 27 2016, @10:36AM
Have you ever tried to type on a randomized keyboard? Or even on a different keyboard layout?
(Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:43AM
Tap, tap, tap. Argh. So many touchscreens. I've forgotten how to touch-type! This Star Trek TNG future sucks.
(Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:44AM
It's a 8-64 character password, not a 140 character tweet or 1,500 word essay.
(Score: 2, Funny) by Anonymous Coward on Wednesday July 27 2016, @01:11PM
For you maybe... I use inspiring quotes from my manager: "The Acting Senior Manager of IT Operations institutionalizes future differentiators." or "The Chief Technical Catalyst standardizes a consistency at the individual, team and organizational level. The customers iterate high-level pyramids."
(Score: 2) by edIII on Wednesday July 27 2016, @09:04PM
Then we come up with an icon based password dictionary titled "PHBs in their natural habitat"...
{manager}-{tps reports}-{hell_spike}-{anal_pineapple_bomb}-{rectal_prolapse}
{CEO}-{douchenozzle}-{space_ship}-{air_lock}-{surface_of_sun}
{PHB}-{etcha_sketch}-{laptop_shake}-{technical_documentation}
Randomize the icons on the screen, choose your actor, attributes, story, and final outcome :) It may double as a corporate stress reducer, unless forced to enter it during a major presentation.......
Technically, lunchtime is at any moment. It's just a wave function.
(Score: 2) by SomeGuy on Wednesday July 27 2016, @12:27PM
There is absolutely no need to worry about that. Nobody is going to go to all the trouble of lifting prints from your grease covered computer screen (how do you read through that anyway?) to get access to your fingerprint locked devices.
They'll just cut off your finger.
ROFL biometrics.
(Score: 0) by Anonymous Coward on Wednesday July 27 2016, @05:20PM
No, he's talking about how the position of the 4 smudges on your phone screen reveals the 4 digits of your unlock code, not lifting the fingerprints themselves.
(Score: 2) by Scruffy Beard 2 on Wednesday July 27 2016, @07:33PM
Have you tried to figure out a password from looking a fingerprints? Touch-screens have too many fingerprints to easily discern the ones caused by entering the password.
My own password has mixed case, which requires the use of the shift "button".
My larger concern is that the phone may not do enough key-stretching to make my password secure against an off-line attack (I have device encryption enabled, but long passwords are almost impossible on a touch-screen)..
(Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:38AM
Screenshots.