Bugtraq mailing list archives
Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer"
From: Jacob Appelbaum <jacob () appelbaum net>
Date: Fri, 30 Nov 2007 15:25:37 -0800
Max Moser wrote:
Dear Listmembers, Today the team remote-exploit.org together with Dreamlab Technologies likes to release another piece of uniq research work. Although the trend in wireless communication in peripheral devices such as keyboards and mice is moving towards Bluetooth, market leaders such as Logitech and Microsoft rely on cost-efficient, tried-and-tested 27Mhz radio technology. Using just a simple radio receiver, a soundcard and suitable software, the remote-exploit.org members Max Moser & Philipp Schroedel have managed to tap and decode the radio frequencies transmitted between the keyboard and PC/notebook computer.
Hi Max, This is interesting work. It's also very similar to the work done by Luis Miras. He presented two papers on this very subject, "Other Wireless: New ways to get Pwned" at CanSecWest07[0] and BlackHat07[1]. Does your research take over where his left off? It seems like you found a way to simplify some parts of the analysis. I'd be interested in seeing the work. Will you be publishing the rest of your research within a given time frame? It seems like the cat is out of the bag, no? Also, did you manage to inject traffic as Luis did? Or is your attack limited to passive sniffing, brute forcing the "security byte" and XOR for plain text recovery? Impressive work reversing the keyboard protocol. Good job! Regards, Jacob [0] http://luis.ringzero.net/docs/CSW07-LuisMiras.pdf [1] http://luis.ringzero.net/docs/OtherWireless_BHUSA2007.pdf
Current thread:
- 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer" Max Moser (Nov 30)
- Re: 27Mhz based wireless security insecurities - Aka - "We know what you typed last summer" Jacob Appelbaum (Nov 30)