Re: Wireless Keyboard Security
From: Alvin Oga (alvin.sec_at_Virtual.Linux-Sec.net)
Date: Tue, 22 Mar 2005 21:25:40 -0800
To: "Badger, Jared" <Jared.Badger@acs-inc.com>
hi ya jared
On Tue, Mar 22, 2005 at 04:13:16PM -0700, Badger, Jared wrote:
> My job involves reviewing computer security at a bank, and I was very
> surprised to see that nearly all of the computers at one of my branches are
> using these wireless mouse/keyboard combos. It seems like this could be a
> potentially serious security risk,
yup .. big problem
> 1. How possible/easy/difficult is it to eavesdrop and capture keystrokes
> from a wireless keyboard using passive means only? What equipment/expertise
> does this require? (I am thinking it would probably take at least a spectrum
> analyzer, receiver, a laptop, and some custom software) What about taking
> the keyboard apart and reverse engineering it?
if it is using wep... you're dead ..
if it is using plain ole infrared to transmit over IR ( infrared, red light ),
you're probably dead, since the keystrokes are probably not encrypted
while in transit
you just need a pda with a line of sight to the target pc
- or laser from outside the building .. laser will pick up the
1's and 0's of the infrared transmissions between kb and pc
> 2. How easy/difficult would it be to take control of a computer without
> having physical access to the keyboard at the console? What
should be easy if one had a line of sight to the keyboard/mouse
> equipment/expertise would this require? (Probably at least the same as
> above, plus a transmitter)
you, as the eavesdropper, only want to receive... and not transmit
> There are many docs, including photos and lab tests, on the associated
> pages. For example, FCC docs show that this particular keyboard transmits on
> a frequency of 27.095 - 27.195 MHz. From the internal photos, it doesn't
> seem there are enough electronics to perform advanced encryption.
bingo ... you're dead
> Certainly somebody knows how to do this. Has anybody tried? Been successful?
it'd be a fun ( easy ) audit/pen-test to perform .. just takes time
to get the customized laser or pda with "sniffing (recording) tools"
all wireless transmissions should be considered sniffed/sniffable
and therefore, you should encrypt everything transmitted wirelessly
and for that matter, over wired communications too, everything is
transmitted encrypted or consider it open for anybody to see