Re: Wireless Keyboard Security

From: Alvin Oga (alvin.sec_at_Virtual.Linux-Sec.net)
Date: 03/23/05

    Date: Tue, 22 Mar 2005 21:25:40 -0800
    To: "Badger, Jared" <Jared.Badger@acs-inc.com>
    
    

    hi ya jared

    On Tue, Mar 22, 2005 at 04:13:16PM -0700, Badger, Jared wrote:
    >
    > My job involves reviewing computer security at a bank, and I was very
    > surprised to see that nearly all of the computers at one of my branches are
    > using these wireless mouse/keyboard combos. It seems like this could be a
    > potentially serious security risk,

    yup .. big problem

    > 1. How possible/easy/difficult is it to eavesdrop and capture keystrokes
    > from a wireless keyboard using passive means only? What equipment/expertise
    > does this require? (I am thinking it would probably take at least a spectrum
    > analyzer, receiver, a laptop, and some custom software) What about taking
    > the keyboard apart and reverse engineering it?

    if it is using wep... you're dead ..

    if it is using plain ole infrared to transmit over IR ( infrared, red light ),
    you're probably dead, since the keystrokes are probably not encrypted
    while in transit

    you just need a pda with a line of sight to the target pc
            - or laser from outside the building .. laser will pick up the
            1's and 0'z of the infrared transmissions between kb and pc

    > 2. How easy/difficult would it be to take control of a computer without
    > having physical access to the keyboard at the console? What

    should be easy if one had a line of sight to the keyboard/mouse

    > equipment/expertise would this require? (Probably at least the same as
    > above, plus a transmitter)

    you, as the eavesdropper, only want to receive... and not transmit

    > There are many docs, including photos and lab tests, on the associated
    > pages. For example, FCC docs show that this particular keyboard transmits on
    > a frequency of 27.095 - 27.195 MHz. From the internal photos, it doesn't
    > seem there are enough electronics to perform advanced encryption.

    bingo ... you're dead

    > Certainly somebody knows how to do this. Has anybody tried? Been successful?

    it'd be a fun ( easy ) audit/pen-test to perform .. just takes time
    to get the customized laser or pda with "sniffing(recording) tools"

    ========

    all wireless transmissions should be considered sniffed/sniffable
    and therefore, you should encrypt everything transmitted wirelessly
    and for that matter, over wired communications too, everything is
    transmitted encrypted or consider it open for anybody to see

    c ya
    alvin

