Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

KeySniffer – How to remotely hack wireless Keyboards

Experts discovered that Wireless keyboards from several vendors don’t use encryption when communicating with USB dongle being opened to KeySniffer attacks Security experts from Bastille firm have devised a method of attack dubbed KeySniffer to remotely intercept keystrokes or send commands to a targeted computer. The researchers have analyzed non-Bluetooth wireless keyboards from 12 manufacturers discovering that […]

KeySniffer – How to remotely hack wireless Keyboards

Experts discovered that Wireless keyboards from several vendors don’t use encryption when communicating with USB dongle being opened to KeySniffer attacks

Security experts from Bastille firm have devised a method of attack dubbed KeySniffer to remotely intercept keystrokes or send commands to a targeted computer. The researchers have analyzed non-Bluetooth wireless keyboards from 12 manufacturers discovering that the majority of them doesn’t use encryption while communicating with their USB dongle.

“KeySniffer is a set of security vulnerabilities affecting non-Bluetooth wireless keyboards from eight vendors. The wireless keyboards susceptible to KeySniffer use unencrypted radio communication, enabling an attacker up to several hundred feet away to eavesdrop and record all the keystrokes typed by the victim.” reads the blog post published by Bastille. “This means an attacker can see personal and private data such as credit card numbers, usernames, passwords, security question answers and other sensitive or private information all in clear text.  The equipment needed to do the attack costs less than $100 putting it in reach of many teenage hackers.”

The list of affected devices includes wireless keyboards from Anker, EagleTec, General Electric, Hewlett-Packard, Insignia, Kensington, Radio Shack, and Toshiba.

The researchers verified that keyboards from Dell, Lenovo, and Dell are not vulnerable to the KeySniffer attack because these manufacturers encrypt communications.

Is it easy to exploit the lack of encrypted communication in order to launch a KeySniffer attack?

The researchers from Bastille demonstrated that attackers using equipment worth less than $100 could launch the attack from distances of up to 250 feet.

A long-range USB radio dongle, such as Crazyradio PA, could be used by a remote attacker to intercept unencrypted communications.

KeySniffer attack Wireless Keyboards

The KeySniffer attack differs from previously analyzed vulnerabilities affecting wireless keyboards that were requiring the attacker to first observe radio packets transmitted when the victim typed on their keyboard.

The keyboards vulnerable to KeySniffer use USB dongles which continuously transmit radio packets at regular intervals allowing an attacker to easy spot a vulnerable device and capture data that are sent even when the victim isn’t at the keyboard.

“The keyboards vulnerable to KeySniffer use USB dongles which continuously transmit radio packets at regular intervals, enabling an attacker to quickly survey an environment such as a room, building or public space for vulnerable devices regardless of the victim’s presence. This means an attacker can find a vulnerable keyboard whether a user is at the keyboard and typing or not, and set up to capture information when the user starts typing.” continues the analysis published by Bastille.

The experts explained that the KeySniffer attacker could be exploited also to inject keystrokes and deliver malware or conduct other malicious activities on the target system.

Experts from Bastille already reported the issue to manufacturers of vulnerable wireless cable keyboards.

In February, Bastille demonstrated how to hack computers by exploiting a flaw in many wireless mouse and keyboard dongles, in that case, the company warned that wireless mice and keyboards from several top vendors were vulnerable to so-called MouseJack attacks.

The MouseJack vulnerability was found to affect more than 80 percent of organizations. Several vendors, including Microsoft, Logitech, and Lenovo, released firmware updates to address the weakness, while others provided recommendations on how to mitigate the threat.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – KeySniffer, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]