Stories
Slash Boxes
Comments

SoylentNews is people

It's 2016 and Your Passwords Can Still be Read Off From Wireless Keyboards

posted by cmn32480 on Wednesday July 27 2016, @09:43AM   Printer-friendly
from the pay-attention-there-is-gonna-be-a-quiz dept.

Arthur T Knackerbracket has found the following story:

Millions of low-cost wireless keyboards are susceptible to a vulnerability that reveals private data to hackers in clear text.

The vulnerability – dubbed KeySniffer – creates a means for hackers to remotely “sniff” all the keystrokes of wireless keyboards from eight manufacturers from distances up to 100 metres away.

“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two thirds) were susceptible to the KeySniffer hack.”

The keyboard manufacturers affected by KeySniffer include: Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec. Vulnerable keyboards are always transmitting, whether or not the user is typing. Consequently, a hacker can scan for vulnerable devices at any time. A complete list of affected devices can be found here.

Wireless keyboards have been the focus of security concerns before. In 2010, the KeyKeriki team exposed weak XOR encryption in certain Microsoft wireless keyboards. Last year Samy Kamkar’s KeySweeper exploited Microsoft’s vulnerabilities. Both of those took advantage of shortcomings in Microsoft’s encryption.

Original Submission

 
This discussion has been archived. No new comments can be posted.
It's 2016 and Your Passwords Can Still be Read Off From Wireless Keyboards | Log In/Create an Account | Top | 27 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Wednesday July 27 2016, @09:57AM

    by Anonymous Coward on Wednesday July 27 2016, @09:57AM (#380672)

    No wireless keyboards for me, but I did compromise on a wireless mouse. Also I don't trust touchscreen keyboards for valuable passwords.

  • (Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:06AM

    by Anonymous Coward on Wednesday July 27 2016, @10:06AM (#380674)

    Also I don't trust touchscreen keyboards for valuable passwords.

    What's the security risk here specifically, other than generic smartphone surveillance issues? Haptic feedback being recorded by a microphone?

    • (Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:14AM

      by Anonymous Coward on Wednesday July 27 2016, @10:14AM (#380676)

      Your fingerprints on the glass.

      • (Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:28AM

        by Anonymous Coward on Wednesday July 27 2016, @10:28AM (#380680)

        That could be solved by randomizing the position of keys when password fields are being used. Not a feature I've seen, but...

        • (Score: 1) by fraxinus-tree on Wednesday July 27 2016, @10:36AM

          by fraxinus-tree (5590) on Wednesday July 27 2016, @10:36AM (#380682)

          Have you ever tried to type on a randomized keyboard? Or even on a different keyboard layout?

          • (Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:43AM

            by Anonymous Coward on Wednesday July 27 2016, @10:43AM (#380685)

            Tap, tap, tap. Argh. So many touchscreens. I've forgotten how to touch-type! This Star Trek TNG future sucks.

          • (Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:44AM

            by Anonymous Coward on Wednesday July 27 2016, @10:44AM (#380686)

            It's a 8-64 character password, not a 140 character tweet or 1,500 word essay.

            • (Score: 2, Funny) by Anonymous Coward on Wednesday July 27 2016, @01:11PM

              by Anonymous Coward on Wednesday July 27 2016, @01:11PM (#380716)

              For you maybe... I use inspiring quotes from my manager: "The Acting Senior Manager of IT Operations institutionalizes future differentiators." or "The Chief Technical Catalyst standardizes a consistency at the individual, team and organizational level. The customers iterate high-level pyramids."

              • (Score: 2) by edIII on Wednesday July 27 2016, @09:04PM

                by edIII (791) on Wednesday July 27 2016, @09:04PM (#380890)

                Then we come up with an icon based password dictionary titled "PHBs in their natural habitat"...

                {manager}-{tps reports}-{hell_spike}-{anal_pineapple_bomb}-{rectal_prolapse}

                {CEO}-{douchenozzle}-{space_ship}-{air_lock}-{surface_of_sun}

                {PHB}-{etcha_sketch}-{laptop_shake}-{technical_documentation}

                Randomize the icons on the screen, choose your actor, attributes, story, and final outcome :) It may double as a corporate stress reducer, unless forced to enter it during a major presentation.......

                --
                Technically, lunchtime is at any moment. It's just a wave function.

      • (Score: 2) by SomeGuy on Wednesday July 27 2016, @12:27PM

        by SomeGuy (5632) on Wednesday July 27 2016, @12:27PM (#380705)

        Your fingerprints on the glass.

        There is absolutely no need to worry about that. Nobody is going to go to all the trouble of lifting prints from your grease covered computer screen (how do you read through that anyway?) to get access to your fingerprint locked devices.

        They'll just cut off your finger.

        ROFL biometrics.

        • (Score: 0) by Anonymous Coward on Wednesday July 27 2016, @05:20PM

          by Anonymous Coward on Wednesday July 27 2016, @05:20PM (#380807)

          No, he's talking about how the position of the 4 smudges on your phone screen reveals the 4 digits of your unlock code, not lifting the fingerprints themselves.

      • (Score: 2) by Scruffy Beard 2 on Wednesday July 27 2016, @07:33PM

        by Scruffy Beard 2 (6030) on Wednesday July 27 2016, @07:33PM (#380847)

        Have you tried to figure out a password from looking a fingerprints? Touch-screens have too many fingerprints to easily discern the ones caused by entering the password.

        My own password has mixed case, which requires the use of the shift "button".

        My larger concern is that the phone may not do enough key-stretching to make my password secure against an off-line attack (I have device encryption enabled, but long passwords are almost impossible on a touch-screen)..

    • (Score: 0) by Anonymous Coward on Wednesday July 27 2016, @10:38AM

      by Anonymous Coward on Wednesday July 27 2016, @10:38AM (#380683)

      Screenshots.