Comments on: Researchers hack Microsoft wireless keyboards

Security experts claim to have cracked the protocol for securing some of Microsoft's wireless keyboards, potentially allowing keystroke logging.

[Leria]

I wasn't really expecting wireless keyboards

to be encrypted. What's the use of encrypting something that can MAYBE send information 3-6 feet... the person trying to packet sniff or something similar would have to be sitting almost right next to you in order to do so.

[Gayle Edwards]

Not true...

Its called BASIC-SECURITY. For on thing, yes, such transmissions can be detected further than "...3-6 feet" (especially with a, purpose-built, directional-antenna... just like the ones "war-drivers" use, these days).

The simple fact is that such low-power radio-emissions can (and have), most-certainly, been detected, far, further than many ordinary devices can reliably operate (especially when the frequencies and data-specifics, of such devices, are commonly-known). And, again yes, that information is valuable to nefarious "Hackers" (I.E. black-hats). This is no different than say, "war-driving", or "packet-sniffing", outside of a business, or a residence (a common set of cracker-pastimes).

Microsoft (or for that matter, anyone, that produces devices that contains/transmits "private-data") does have to be watchful for such "security holes".

"Basic security practices" state that... if "data" ever -leaves the box- (for any reason), common sense, and years of experience, unequivocally-dictate that it be encased in relatively-strong encryption.

But, finally, I am surprised that anyone (in this day and age) doesnt know that, what a person actually "types", is one of the most valuable forms of "data" there is.

[Penguinisto]

With one Pringles' Can...

With one Pringles Can, suitably modified into a unidirectional antenna, you can use an 802.11 WiFi access point from up to a quarter-mile away (almost half a kilometer). This is in spite of 802.11 wireless access points being good for only about 100 meters.

To make matters worse, MSFT's wireless keyboards operate on CB frequencies, which means there are already rigs that are sensitive enough to really reach out and listen for weak signals. Even worse? Get up a modified CB linear transmitter, and I can simply pump out random noise from it at 100 watts, and promptly jam-up an entire office full of wireless keyboards... it would take a couple of days to replace them all with USB or PS/2 keyboards, which means I can pick a time which is crucial to that office (say, right before some product is released), and *poof* - you missed your deadline. I'd hate to have to ever explain that one to the stockholders...

Of course no one really thinks about it, but then someone does... and suddenly you need security against the new threat. Never underestimate the ingenuity of a security researcher... or of a determined hacker.

/P

[KTLA_knew]

Six months?

Why would this company have a team of folks working on cracking this for six months? Obviously they're not selling the exploit, I wonder why this would be worth it for half a year of salary for this team, and they still have only begun the get anything useful.

Just curious why, interesting use of company resources, not that it wouldn't be fun...

[Vegaman_Dan]

One change and... poof

So all it takes is a single file update pushed out and this team's work for half a year would have been lost. Perhaps they are looking to make money by writing their own third party security utility they will market toward wireless keyboard users.

First you create a demand (this article), then you create a product to meet it.

[jelloburn]

It boggles my mind...

that companies are still using the old-fashioned, played out
dongle solution for wireless devices. Every Mac (and most
higher-end PCs) can be purchased with Bluetooth so why not
make more Bluetooth Wireless Keyboards and Mice?

I'm sick of having to purchase a notebook mouse if I want a
bluetooth mouse, and the only bluetooth keyboard options are
either the Apple ones (which don't have a num pad) or are overly
complex "Multimedia" keyboards that aren't going to work on
my Mac anyway.

For me, it comes down to not wanting to waste USB ports for
dongles. I'd rather use the built in Bluetooth to wirelessly
connect to my peripherals.

[aemarques]

I can help you

You want Bluetooth mice but only found the ones made by Apple? Probably because you only looked inside an Apple sotre... LOL

There are plenty of options out there, both from Microsoft and Logitech but also from other less known brand names.

http://www.microsoft.com/hardware/mouseandkeyboard/ProductList.aspx?Type=Mouse&AdditionalType=Trackball&feature1=bluetooth

http://www.logitech.com/index.cfm/mice_pointers/mice/&cl=roeu,en&page=1&filter=360&sort=0

[Seaspray0]

Silly Rabbit

Haven't you guys learned anything from the macboys? You're supposed to rant that "this doesn't count because it's not in the wild." Of course, that's not my sentiments. Whether it's in the hands of hackers or still locked up in a test lab somewhere, it's still a vulnerability and should be taken for what it's worth.

[Dalkorian]

That depends

That depends on whether or not it's exploited in the wild before it's
fixed, doesn't it? M$ doesn't have a great track record for fixing
security flaws before they're publicly exploited for 6 months.

[Penguinisto]

Even sillier...

...this ain't really a software issue. All I need is a slightly modified CB-frequency amplifier and I don't need no programming to jam your keyboard into utter uselessness. It would take an EE (or radio hobbyist) about 30 minutes, a few electronics components, and a soldering iron.

As a benefit, the radio-borne intruder doesn't have to worry about firewalls or any inherent protection measures to overcome (unless you have one hell of a Faraday Cage built into the walls, floor, and ceiling...)

I figure 100W of jamming can be parked in a car out in the parking lot somewhere... it'd take a week before the FCC bothered looking into it, and almost as long to discover that you were being jammed, find a means (and the gear) to locate the source, and by then, well... the intruder would be gone. ;)

It's like comparing Apples to antennas. ;)

/P

[Jim Harmon]

What a coincidence...

Remember that press release a few weeks ago about how an XP SP1 system with an unsecured wireless router, no firewall or AV was hacked into? As I read it, I was thinking "They might as well have left the keyboard on the sidewalk.'

Looks like they did. :)