Re: Wireless Keyboard Security

From: Alvin Oga (
Date: 03/23/05

  • Next message: Jason Coombs: "Re: Unknown Startup Program Requires Approval BPS Video Converter& Decompiler"
    Date: Tue, 22 Mar 2005 21:25:40 -0800
    To: "Badger, Jared" <>

    hi ya jared

    On Tue, Mar 22, 2005 at 04:13:16PM -0700, Badger, Jared wrote:
    > My job involves reviewing computer security at a bank, and I was very
    > surprised to see that nearly all of the computers at one of my branches are
    > using these wireless mouse/keyboard combos. It seems like this could be a
    > potentially serious security risk,

    yup .. big problem

    > 1. How possible/easy/difficult is it to eavesdrop and capture keystrokes
    > from a wireless keyboard using passive means only? What equipment/expertise
    > does this require? (I am thinking it would probably take at least a spectrum
    > analyzer, receiver, a laptop, and some custom software) What about taking
    > the keyboard apart and reverse engineering it?

    if it is using wep... you're dead ..

    if it is using plain ole infared to transmit over IR ( infared, red light ),
    you're probably dead, since the keystrokes are not probably not encrypted
    while in transit

    you just need a pda with a line of sight to the target pc
            - or laser from outside the building .. laser will pick up the
            1's and 0'z of the infared transmissions between kb and pc

    > 2. How easy/difficult would it be to take control of a computer without
    > having physical access to the keyboard at the console? What

    should be easy if one had a line of sight to the keyboard/mouse

    > equipment/expertise would this require? (Probably at least the same as
    > above, plus a transmitter)

    you, as the evesdropper, only want to receive... and not transmit

    > There are many docs, including photos and lab tests, on the associated
    > pages. For example, FCC docs show that this particular keyboard transmits on
    > a frequency of 27.095 - 27.195 MHz. From the internal photos, it doesn't
    > seem there are enough electronics to perform advanced encryption.

    bingo ... you're dead

    > Certainly somebody knows how to do this. Has anybody tried? Been successful?

    it'd be a fun ( easy ) audit/pen-test to perform .. just takes time
    to get the customized laser or pda with "sniffing(recording) tools"


    all wireless transmissions should be considered sniffed/sniffable
    and therefore, you should encrypt everything transmitted wirelessly
    and for that matter, over wired communications too, everything is
    transmistted encrypted or consider it open for anybody to see

    c ya

  • Next message: Jason Coombs: "Re: Unknown Startup Program Requires Approval BPS Video Converter& Decompiler"

    Relevant Pages

    • Re: OK Gang - Wireless Microphones - Rants and Raves... Jeff C where are you???
      ... What the hell are you wireless manufacturers doing out there???? ... percent of our spectrum, and we're not seeing much to replace it. ... First company with a Full-Spectrum Broadcast Quality Digital ... I can throw a 50mw digital transmitter farther than it will transmit! ...
    • Re: Stowaway BT impressions
      ... is based on devices that transmit, ... BT doesn't cause any issues and neither does WiFi. ... > A Pocket PC Magazine "Best Site" for Pocket PC Reviews! ... >> thing that's stopped me getting a BT keyboard is the fact that you're ...
    • Re: Intercept Algorithms and V1.
      ... You're well studied on encryption and electronics. ... 'shark' code base station was used to transmit the frequencies to use ...
    • Re: Portable Internet Radio Around The House?
      ... something like a 50mW maximum output power, you can transmit ... I will recommend any MIMO wireless kit as ... this has proven extremely effective at extending range to something very ...
    • Re: Sending RF signals without cabling
      ... more coax wiring and so wanted to be able to transmit the RF signal ... frequency for wireless retransmission. ... If wiring really is a problem, then using a wireless sender with a ...