Arthur T Knackerbracket has found the following story:
Millions of low-cost wireless keyboards are susceptible to a vulnerability that reveals private data to hackers in clear text.
The vulnerability – dubbed KeySniffer – creates a means for hackers to remotely “sniff” all the keystrokes of wireless keyboards from eight manufacturers from distances up to 100 metres away.
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two thirds) were susceptible to the KeySniffer hack.”
The keyboard manufacturers affected by KeySniffer include: Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec. Vulnerable keyboards are always transmitting, whether or not the user is typing. Consequently, a hacker can scan for vulnerable devices at any time. A complete list of affected devices can be found here.
Wireless keyboards have been the focus of security concerns before. In 2010, the KeyKeriki team exposed weak XOR encryption in certain Microsoft wireless keyboards. Last year Samy Kamkar’s KeySweeper exploited Microsoft’s vulnerabilities. Both of those took advantage of shortcomings in Microsoft’s encryption.
(Score: 2) by edIII on Wednesday July 27 2016, @10:16PM
Yep. I just replaced a single AAA battery that started affecting the click on the mouse. May have lasted over 3 years for me at this point, and it was the original factory battery. At the end though, I was turning it off and back on every 5 minutes :) I was determined to go for a record.
In all seriousness though, wireless keyboards and mice rock for low power. I've had several Logitech solar power keyboards and they just plain work. Even at low low power they're still working, but "hitching". I bet it would run off a 30W light bulb deep underground with no issues. What we need is a solar powered mouse.... two of them. Leave one in the sun, and use the other. Switch and repeat.
The security issue can be handled very easily with OTP and be uncrackable (the signal at least). Biggest challenge is key exchange, but if you allow that to happen via USB, it requires the attackers to be close enough for sophisticated side-channel attacks. A 1GB flash chip embedded in the devices is very adequate to handle the actual amount of information being exchanged between HID devices and their host systems. Large enough, and you can support profiles for multiple host systems. I'd go further and allow a bonus for the ultra-paranoid of both charging the devices and allowing *wired* operation to replace the wireless whenever directly plugged into the host system, still using OTP to make it that much harder for side-channel attacks to succeed. You can go wireless, but only 50 miles outside of civilization and if you're covered in tin-foil head to toe ;)
Technically, lunchtime is at any moment. It's just a wave function.