Your Wireless Keyboards May Be Vulnerable
Anyone that knows us here at CyndrTec knows that we do not trust nor like wireless technology. While it is true that wireless technology is convenient the truth is that it is not as secure when compared to wired technology. Adding to our distrust of wireless technology is the fact that hackers can now steal your keystrokes from your wireless keyboard from hundreds of feet away. Soaking up credit card numbers, bank account logins, bank information and social security numbers.
Bastille’s research team has revealed a new wireless keyboard attack code-named KeySniffer. This technique allows hackers with a $12 radio device intercept the connection between any of eight wireless keyboards and a computer from 240 feet away. It gives the attacker the ability to type keystrokes and record keystrokes from the victim. Why is this? Lack of encryption on the keyboards.
The keyboards all use generic manufacturers in order to save on cost. However, saving a few bucks on cost will mean that the chips aren’t getting the better-tested encryption built into the Bluetooth and the generic connections have left the devices with no real security at all. Affected brands include HP, Toshiba, Radio Shack, Kensington, Insignia, General Electric, Anker and EagleTec. Bastille recommends staying with Bluetooth or wired keyboards.
Kensington, maker of another vulnerable keyboard called the Kensington ProFit Wireless Keyboard, released a statement saying it has taken “all necessary measures to close any security gaps and ensure the privacy of users” and has released a firmware update for the device that includes encryption.
If you’re focused on increased security it’s important to recognize that wired, though annoying, will always inherently be better than wireless in speed, reliability and security.
We recommend that companies use wired connections when possible to prevent the risks associated with wireless technology.