Stories
Slash Boxes
Comments

SoylentNews is people

posted by cmn32480 on Wednesday July 27 2016, @09:43AM   Printer-friendly
from the pay-attention-there-is-gonna-be-a-quiz dept.

Arthur T Knackerbracket has found the following story:

Millions of low-cost wireless keyboards are susceptible to a vulnerability that reveals private data to hackers in clear text.

The vulnerability – dubbed KeySniffer – creates a means for hackers to remotely “sniff” all the keystrokes of wireless keyboards from eight manufacturers from distances up to 100 metres away.

“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two thirds) were susceptible to the KeySniffer hack.”

The keyboard manufacturers affected by KeySniffer include: Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec. Vulnerable keyboards are always transmitting, whether or not the user is typing. Consequently, a hacker can scan for vulnerable devices at any time. A complete list of affected devices can be found here.

Wireless keyboards have been the focus of security concerns before. In 2010, the KeyKeriki team exposed weak XOR encryption in certain Microsoft wireless keyboards. Last year Samy Kamkar’s KeySweeper exploited Microsoft’s vulnerabilities. Both of those took advantage of shortcomings in Microsoft’s encryption.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by Scruffy Beard 2 on Wednesday July 27 2016, @07:33PM

    by Scruffy Beard 2 (6030) on Wednesday July 27 2016, @07:33PM (#380847)

    Have you tried to figure out a password from looking a fingerprints? Touch-screens have too many fingerprints to easily discern the ones caused by entering the password.

    My own password has mixed case, which requires the use of the shift "button".

    My larger concern is that the phone may not do enough key-stretching to make my password secure against an off-line attack (I have device encryption enabled, but long passwords are almost impossible on a touch-screen)..

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2