Arthur T Knackerbracket has found the following story:
Millions of low-cost wireless keyboards are susceptible to a vulnerability that reveals private data to hackers in clear text.
The vulnerability – dubbed KeySniffer – creates a means for hackers to remotely “sniff” all the keystrokes of wireless keyboards from eight manufacturers from distances up to 100 metres away.
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two thirds) were susceptible to the KeySniffer hack.”
The keyboard manufacturers affected by KeySniffer include: Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec. Vulnerable keyboards are always transmitting, whether or not the user is typing. Consequently, a hacker can scan for vulnerable devices at any time. A complete list of affected devices can be found here.
Wireless keyboards have been the focus of security concerns before. In 2010, the KeyKeriki team exposed weak XOR encryption in certain Microsoft wireless keyboards. Last year Samy Kamkar’s KeySweeper exploited Microsoft’s vulnerabilities. Both of those took advantage of shortcomings in Microsoft’s encryption.
(Score: 2) by frojack on Wednesday July 27 2016, @05:41PM
Oh, and I would be interested in a list of wireless keyboards that encrypt properly (setting up a media centre) and are OS agnostic/works with the generic keyboard drivers/modules
Any of the newer Logitech models would be on that list.
I just picked up a compact-ish cheap Logitech Mk235 [logitech.com] keyboard+Mouse wireless usb combo for 15 bucks (half of MSLP) which indicated encrypted transmissions between the devices and the Dongle.
My use case is a Linux computer that runs headless most of the time but will have console attention frequently. ZERO problems getting it to work, Seriously, this is a long solved problem. There was nothing to install.
No, you are mistaken. I've always had this sig.