Wireless keyboard review: They are vulnerable to leaking data and easy hack. Security researchers name issues with HP, Toshiba and other wireless keyboard models.
If you use a lower-tier wireless keyboard, you may be at risk for an attack called KeySniffer that’s able to nab a good deal of personal information from you.
According to cybersecurity company Bastille, KeySniffer is a huge vulnerability that affects several brands and models of wireless keyboards, including HP, Toshiba, Kensington, Insignia, Radio Shack, General Electric and more. KeySniffer allows third parties to remotely access the keystrokes from users from up to 250 feet away. The data is transmitted via clear text and can offer up passwords, credit card numbers and other types of sensitive data.
Bastille tested keyboards from 12 different manufacturers and found that eight of them were susceptible to the attack. Kensington has already made efforts to patch the vulnerability, adding AES to its wireless keyboards’ broadcast, but if you find yourself consistently using one of the brands tested it could be worth looking into a different model or at the very least opting for Bluetooth. There are enough breaches out there to have to worry about yet another one coming from an item you could be using every day. Source: https://www.engadget.com/2016/07/28/some-wireless-keyboards-could-put-your-personal-info-at-risk/
Image source: http://www.techlicious.com/blog/keyboard-vulnerability-keysniffer-hackers-watch-keystrokes/
Wireless keyboards are stupidly easy to hack
Security researchers say that wired or Bluetooth keyboards are far safer than 2.4Ghz models.
Security researchers have found that many popular wireless keyboards are vulnerable to leaking data to anyone with a modicum of determination.
Wireless keyboards made by HP, Kensington, Toshiba, Radio Shack and others are all suffer from the same problem, and there are likely many more, say the researchers at Bastille Network.
While Bluetooth keyboards and other devices adhere to set security standards, vendors that make keyboards that connect via the 2.4Ghz band instead are left to implement their own proprietary security protocols, which the group says are grossly insufficient. In most cases, keystrokes are transmitted in plain text, and are vulnerable to interception via keystroke sniffing and injection attacks from “several hundred” feet away.
The dangers of this are pretty obvious – someone being able tointercept and view everything you type from through walls, sat in a car outside your house, or in the office next door obviously leaves all your log-in details, as well as personal information, at risk.
If that wasn’t bad enough, the researchers say that hackers can even inject their own keystrokes, meaning not only do they get access to your passwords and everything else, but they can also install more malware or ransomware to do yet more damage.
Perhaps the worst part for users is that none of the affected keyboards can reportedly be fixed – firmware updates wouldn’t resolve the problem. That means you have two ways to get around the problem if you’re sat there with a 2.4Ghz keyboard: you can either buy a Bluetooth one instead, or plug in an old-school wired one instead. Source: http://www.wired.co.uk/article/wireless-keyboards-are-stupidly-easy-to-hack