New research released by Bastille, a cyber-security company, reveals that some wireless keyboards are not as safe as we’d like to believe.
Every keystroke could end up in the hands of hackers lurking nearby if you’re using some of the low-cost wireless keyboards out there. The attack they’re vulnerable to, dubbed by the researchers as “KeySniffer,” is something you will want to know about.
Marc Newlin, the researcher from Bastille who made the discovery, explained that most of us simply expect the wireless keyboard we buy to be reasonably protected from hackers.
Unfortunately, as he said in a press release, “we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack.”
What KeySniffer does is allow hackers who are near you (some 250 ft away) to take an intrusive peek into the keystrokes you’re pushing. This makes it easy for them to potentially steal usernames, passwords, credit card numbers, and other personal information you wouldn’t share with the person sitting next to you in the coffee shop.
At the heart of the issue lies the lack of encryption between computers and the identified keyboards. Unlike their expensive counterparts, the low-cost keyboards are thus left vulnerable. The hacker can get your personal information using equipment that cost less than $100.
Thankfully, Bluetooth keyboards are exempt from this type of attack because they are subject to industry standards. In other words, Bastille explained, they are built to meet stronger security measures that keep your information protected.
However, researchers were surprised to find out that some of the keyboards made by major manufacturers – think HP and Toshiba – are also vulnerable because they rely on radio signals.
Bastille flagged HP’s “Wireless Classic Desktop Wireless Keyboard” and Toshiba’s “PA3871U-1ETB Wireless Keyboard” as being affected by the KeySniffer attack.
While neither HP nor Toshiba replied to requests for comments, Kensington, the manufacturer of another vulnerable keyboard (the Kensington ProFit Wireless Keyboard), said the company was taking “all necessary measures to close any security gaps and ensure the privacy of users.”
According to Bastille, all the manufacturers on the list have been contacted prior to the release of the research. Unfortunately, many of the devices that have been flagged cannot be updated to protect users against the attacks.