Ed Stoffel

On Society, Intelligence and Technology

“No matter how much you try to love, reach out, dialogue, and build bridges, the other guys are not going to be happy short of the abandonment of the Bible as a serious document relevant to our times.”
- David R. Stokes

Search Site

Sections

Cats (7)
Faith (15)
Family (20)
HomeSat (7)
Intelligence (13)
Media (8)
Medical (5)
Society (31)
Technology (48)

Keep up with the latest on internet security by listening to Steve Gibson’s Security Now

Ed Stoffel’s Posts

Ed Stoffel’s Headlines

Tuesday

08Jan

Insecurity of Wireless Keyboards

Posted on

January 8, 2008 in

Technology

Steve Gibson responds to an inquiry about the insecurity of wireless keyboards, informing listeners of Security Now that the Microsoft Wireless keyboards are so easy to intercept and decode, it’s child’s play:

Steve: Yup. Get a load of this. It’s not a 1-bit shift register. It’s a 1-byte static byte that is XORed with the data from the keyboard.
Leo: So would that be pretty easy to reverse engineer?
Steve: Leo, it’d be hard not to reverse engineer. It is horrifying. It’s horrifying.
Leo: And this is true not just for Microsoft, but do other keyboards do it this way?
Steve: Well, apparently Logitech has recognized that this is a problem that’s sooner or later going to get exposed. Microsoft’s wireless keyboards do this. The 1000 series and the 2000 series have been examined. The 3000 and the 4000 have not been. But it appears to be the same for them. Logitech has, like, a secure connect…
Leo: They have an encrypted keyboard, yeah.
Steve: Yeah. And so they’re boasting about that. But the extremely popular Microsoft keyboards, during the so-called “association phase,” the keyboard chooses a random byte, one byte of randomness, and provides it to the reader. Then the keystrokes you type are XORed with that one byte. Which means, as we know, there are 256 possible combinations of one byte, that the one byte can have. All you have to do is suck in a bunch of characters, you know, wait a few minutes for someone to type 20 or 30, and then in a heartbeat you could check every possible byte. One of them will turn what they’re typing into English or clear text or whatever language they’re typing in. In that case, at that point, their keyboard is decrypted for all intents and purposes, deciphered. What this means, of course, is that in a situation where people are within sniffing distance, radio distance of a keyboard, you absolutely have to consider that it is not safe. Keyboards are using a low frequency, 27MHz, which is extremely easy to receive, meaning that in an apartment building, neighbors who have a wireless keyboard could have everything they’re typing trivially decrypted, if it’s at least on these Microsoft Series 1000 and 2000 keyboards, and probably other keyboards. So it’s definitely a concern.

Transcript of Episode 122, Security Now

Permalink | tagged

encryption,

security,

tech,

wireless

Ed Stoffel

Tag Cloud

Insecurity of Wireless Keyboards