Re: Wireless Keyboard Security

From: Kinnell (kinnell.t_at_gmail.com)
Date: 03/28/05

  • Next message: Steven DeFord: "Re: Hashing Functions" 
    Date: Mon, 28 Mar 2005 12:22:26 -0600
To: Glen Becker <glen.becker@gmail.com>

    just positioning. The same thing that could be tracked using a
    "software key logger" for a mouse could probably be gathered. However
    that information could be useful or not to obtain. If an attacker
    were able to see usual activity they might be able to guess functions
    of buttons/icons on the screen if they are frequently used, and when
    they are used in reference to when a customer enters the store or when
    they ask a question. So if that machine were compromised the attacker
    might have a better knowledge of day-to-day activity on it, and
    therefore might know what to do for certain functions. However, for
    this to be useful they would also need to have some knowledge of data
    entered by employees. So mouse movement alone might not be useable,
    but it still allows knowledge of computer and user interaction.

    -Kinnell

    On Thu, 24 Mar 2005 22:36:43 -0500, Glen Becker <glen.becker@gmail.com> wrote:
    > Just to clarify for myself, since the discussion has mentioned
    > products that appear to have keyboards with an integrated pointing
    > device but centered on the potential key-logging vuln:
    >
    > Is there any risk posed, or valuable info trasmitted, by wireless mice?
    >
    > Regards,
    >
    > -Glen Becker
    >
    >
    > On Wed, 23 Mar 2005 20:33:52 -0700, David King <davewking@gmail.com> wrote:
    > > Here's a successful attack on a wireless keyboard/mouse combo made by logitech.
    > >
    > > http://www.osvdb.org/displayvuln.php?osvdb_id=13367
    > >
    > > and the original message
    > >
    > > http://archives.neohapsis.com/archives/bugtraq/2001-05/0224.html
    > >
    > > Looks bad.
    > >
    > > Laters,
    > > Dave King
    > > http://www.thesecure.net
    > >
    > > On Wed, 23 Mar 2005 18:16:06 +0000, Pedro Venda
    > > <pjvenda@arrakis.dhis.org> wrote:
    > > > On Wednesday 23 March 2005 05:25, Alvin Oga wrote:
    > > > > hi ya jared
    > > > >
    > > > > On Tue, Mar 22, 2005 at 04:13:16PM -0700, Badger, Jared wrote:
    > > > > > My job involves reviewing computer security at a bank, and I was very
    > > > > > surprised to see that nearly all of the computers at one of my branches
    > > > > > are using these wireless mouse/keyboard combos. It seems like this could
    > > > > > be a potentially serious security risk,
    > > > >
    > > > > yup .. big problem
    > > >
    > > > I agree. This is a serious issue, and I don't think current hardware is
    > > > encrypting data. hardware sniffers can now be wireless too :-)
    > > >
    > > > The wireless peripherals are now hype (not in the sense that they won't be
    > > > used further, but in the sense that everyone has one). with wireless
    > > > ethernet, there were security concerns (not efficiently solved) from day 1,
    > > > but most people overlook this issue on other peripherals, which I consider
    > > > very serious.
    > > >
    > > > It'd be expensive for manufacturers to start producing peripherals with decent
    > > > encryption/decryption hardware, so I don't predict short/medium term changes.
    > > > After all, mose people (even on banks !!!) don't see this issue, so why would
    > > > the masses pay more for something not obviously necessary?
    > > >
    > > > regards,
    > > > pedro venda.
    > > > --
    > > >
    > > > Pedro Joćo Lopes Venda
    > > > email: pjvenda < at > arrakis.dhis.org
    > > > http://arrakis.dhis.org
    > > >
    > > >
    > > >
    > >
    >

  • Next message: Steven DeFord: "Re: Hashing Functions"