MILLIONS OF WIRELESS KEYBOARDS VULNERABLE TO DATA THEFT AS HACKERS ‘SNIFF’ CHARACTERS
A new type of cyber attack could allow hackers to “sniff” characters entered on wireless keyboards from up to 250 feet away.
Security researchers from Bastille have uncovered KeySniffer, which allows cyber criminals to log every keystroke from “the vast majority” of low-cost wireless keyboards.
The attackers can then sift through the captured text to find payment card details, banking credentials, answers to security questions, network passwords and other secrets.
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille research team member Marc Newlin, responsible for the KeySniffer discovery.
“Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers – two-thirds – were susceptible to the KeySniffer hack.”
The affected manufacturers include Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric and EagleTech, the researchers said.
It is easy for hackers to detect the keyboards as they transmit data regardless of whether or not the user is typing – so attackers can scan areas for vulnerable devices.
Bastille said KeySniffer reveals that manufacturers are producing and selling wireless keyboards with no encryption. It said Bluetooth and higher-end keyboards from brands including Logitech, Dell and Lenovo are not affected.
The research team said it had notified affected vendors, but that many of the affected keyboards cannot be upgraded and need to be replaced.
For safety, Bastille advised users to use wired or Bluetooth keyboards instead.
KeySniffer is the latest vulnerability to put consumers and businesses at risk.
Recently, users were advised to update their iPhones, iPads, Macs and Apple Watches after a flaw was discovered in the way Apple’s operating systems process images.
And at the end of June, major vulnerabilities were found in Symantec’s security products, prompting cyber security experts to advise administrators to install urgent updates.