Security Basics mailing list archives

Re: Wireless Keyboard Security


From: Alvin Oga <alvin.sec () Virtual Linux-Sec net>
Date: Tue, 22 Mar 2005 21:25:40 -0800


hi ya jared

On Tue, Mar 22, 2005 at 04:13:16PM -0700, Badger, Jared wrote:

> My job involves reviewing computer security at a bank, and I was very
> surprised to see that nearly all of the computers at one of my branches are
> using these wireless mouse/keyboard combos. It seems like this could be a
> potentially serious security risk,

yup .. big problem

> 1. How possible/easy/difficult is it to eavesdrop and capture keystrokes
> from a wireless keyboard using passive means only? What equipment/expertise
> does this require? (I am thinking it would probably take at least a spectrum
> analyzer, receiver, a laptop, and some custom software) What about taking
> the keyboard apart and reverse engineering it?

if it is using wep... you're dead ..

if it is using plain ole infrared to transmit over IR ( infrared, red light ),
you're probably dead, since the keystrokes are probably not encrypted
while in transit

you just need a pda with a line of sight to the target pc
        - or laser from outside the building .. laser will pick up the
        1's and 0'z of the infrared transmissions between kb and pc

> 2. How easy/difficult would it be to take control of a computer without
> having physical access to the keyboard at the console? What

should be easy if one had a line of sight to the keyboard/mouse

> equipment/expertise would this require? (Probably at least the same as
> above, plus a transmitter)

you, as the eavesdropper, only want to receive... and not transmit

> There are many docs, including photos and lab tests, on the associated
> pages. For example, FCC docs show that this particular keyboard transmits on
> a frequency of 27.095 - 27.195 MHz. From the internal photos, it doesn't
> seem there are enough electronics to perform advanced encryption.

bingo ... you're dead 

> Certainly somebody knows how to do this. Has anybody tried? Been successful?

it'd be a fun ( easy ) audit/pen-test to perform .. just takes time
to get the customized laser or pda with "sniffing(recording) tools"

========

all wireless transmissions should be considered sniffed/sniffable
and therefore, you should encrypt everything transmitted wirelessly
and for that matter, over wired communications too, everything is
transmitted encrypted or consider it open for anybody to see


c ya
alvin

