In a presentation at this year's DEF CON hacking conference in Las Vegas on Friday, Damien Cauquil, senior security researcher at Econocom Digital Security, showed how the pocket-sized microcomputer could be configured to sniff out keystrokes from a wireless keyboard, and even take control of a quadcopter drone with just some nifty programming.
The Micro:bit, which costs just £12 in the UK or $15 in the US, is powered by a 16MHz 32-bit ARM Cortex-M0 CPU with 16KB of RAM and Bluetooth connectivity that, with a little Python coding, turns out to be an excellent wireless sniffer. To make matters better for hackers, it's also tiny, and thus easy to hide while doing this job.
Cauquil showed that by using publicly available software, he could program the Micro:bit to snoop on signals from a wireless keyboard using Bluetooth, and then hide it in a desk to grab sensitive info, passwords and other login details out of the air as they are typed. Admittedly, the amount of storage on the Micro:bit is pitifully small, but it's enough to hold the goodies you'd need for further mischief.
But there was also another use for the device. Cauquil attached it to a drone controller handset and used the resulting gizmo to interfere with an airborne quadcopter's control mechanisms and hijack its flight controls. In other words, you can wire a suitably programmed Micro:bit into a controller and potentially use it to take over someone else's drone.
(Score: 2) by kaszz on Monday July 31 2017, @06:54AM (2 children)
So the security of wireless drones and wireless keyboards sucks? This hack is only possible in such a case. And the tool for the exploit matters less. What the article should have been about is really WHY such lame product firmware is allowed out the door. Death by executive or MBA again?
(Score: 2) by nobu_the_bard on Monday July 31 2017, @01:59PM (1 child)
The security for wireless keyboards does indeed suck, and it's only fairly recently they started having encrypted connections available as options. They rarely bother to actually advertise what measures (if any) they are taking.
Only a few years ago, I had a site where the wireless keyboards were in such density they actually interfered with one another; you could end up typing on someone else's screen.
Newer ones are supposedly better but I haven't really had the time and money to invest in figuring out if it's true.
Here's an article from last year that talks about it; I just googled it and posted the first thing I saw:
http://www.csoonline.com/article/3100026/hardware/many-popular-wireless-keyboards-completely-unprotected.html
(Score: 2) by kaszz on Monday July 31 2017, @02:50PM
Haha, I recall when I saw these wireless keyboards at first. And my instant first thought was.. which encryption do they use? And the answer was "it's wireless".. yes but "it's wireless". Right there I got suspicious and it turned out I was right.