Feeds

back to article Kit attacks Microsoft keyboards (and a whole lot more)

Security researchers on Friday unveiled an open-source device that captures the traffic of a wide variety of wireless devices, including keyboards, medical devices, and remote controls. Keykeriki version 2 captures the entire data stream sent between wireless devices using a popular series of chips made by Norway-based Nordic …

COMMENTS

This topic is closed for new posts.
Silver badge

I'm old skool. I likes the copper!

I really miss keyboard curly-cables. (I assume USB signals don't like the loops so much).

0
0
Silver badge

Curly Capability

I can sell you some special USB controller cards that are capable of sending and receiving USB 2.0 through 2 metres of curly cable. Get in touch to discuss quantity and prices.

0
0
Thumb Up

i think the reason is

its cheaper to make non-curly cables...

and i agree - retro keyboards are so cool - although i do like my fruity keyboard.

0
0
FAIL

STILL no crypto?

Relying on security through obscurity for something as critical as a wireless computer keyboard is stupid enough. But what verges on criminal is that this vulnerability in the Microsoft keyboards was demonstrated at Black Hat 2007, and subsequently written up by Max Moser and Philipp Schrödel and well publicised by Dreamlab -- yet we find three years later that Microsoft just continued to build the identical vulnerability into new keyboard models.

1
0
Silver badge

Windows lets one see what is going on inside from outside

"But what verges on criminal is that this vulnerability in the Microsoft keyboards was demonstrated at Black Hat 2007, and subsequently written up by Max Moser and Philipp Schrödel and well publicised by Dreamlab -- yet we find three years later that Microsoft just continued to build the identical vulnerability into new keyboard models." .... Quxy Posted Saturday 27th March 2010 00:06 GMT

Which tells you, Quxy, LOUD and CLEAR, that it is a facility and function in the Microsoft keyboards?

2
0
Gates Horns

Obscurity ?

XOR isn't even security through obscurity. I wonder why they even bothered, typical Microsoft botchering up something simple. Either you use a cypher or you don't. XOR is just stupid. They should have stuck with double ROT13. The security is pretty much the same, but at least it has a *double layer* of protection.

1
0
Gates Horns

Can't wait..

Can't wait until someone invents a device that detects a user typing "dir<ret>" and adds an extra "rmdir -f C:\WinNT<ret>" on the end of it...

0
0
Silver badge

DMCA

Since it's illegal to decrypt the contents you don't need a secure algorithm!

4
0

echo

(quote)

no beer icon, i still 211, but im ashamed of it

0
1
Silver badge
Boffin

Weak encryption? More like 'bit operation'

"The exploit worked because communications in the devices are protected by a weak form of encryption known as xor, which is trivial to break."

XOR'ing bytes is the first step into encryption... and the simplest to "crack", as you only have 256 possible 'keys'. Bad, bad Microsoft!

2
0
Jobs Horns

Looks interesting

Just what legit uses can this be used for?

0
0
Anonymous Coward

Uses

Kicking hardware manufacturers into gear so you don't lose your credit card number / other personal details.

:-)

1
0
FAIL

Cars

Does this mean I can crack a remote for a car? I would still not be able to drive off in it, I know ... I have a logitech wireless keyboard, would not trust Microsoft for anything, let alone a keyboard ... who buys that crap anyway? I might hqve to get my bluetooth Apple keyboard out of the closet and use that ... I read somewhere it is supported on .... linux, I doubt it will work on Solaris, though :-(

0
0
WTF?

No matter the OS.....

I DON'T trust or like wireless devices. Thank you for giving me anther reason to avoid the wireless keyboard.

2
0
Thumb Up

well, a wireless...

mouse is ok, i use one in the office and its fine, but wireless keyboards, god no!!

1
0
Silver badge

Could this be exploited...

...without physical penetration? From the looks of things, you have to be physically near the point of interest in order to exploit this vulnerability: one way or the other. Sounds to me like you'll have other things of concern at that point.

1
1

re: Could this be exploited...

One example ... How about a device fitted to every workstation in those Internet cafés, who have recently been asked by the Met to spy on Muslim people? (If I read the story correctly)

http://www.theregister.co.uk/2010/03/25/cafe_prevent/

0
0
Alert

Can, and undoubtedly has been

Microsoft claims a reliable working range of 5m for the keyboard with the associated crap receiver in a USB dongle, so some back-of-the-envelope calculations indicate that the unmarked van parked at the kerb should be able to monitor the keyboard on your office PC at 20 to 50m with a good receiver and (most importantly) good high-gain antenna.

0
0
Silver badge

Physical location

I suppose it would depend on the signal strength of the wireless keyboard - but in terms of corporate espionage, how hard would it be to 'convince' a member of the low paid cleaning staff to 'accidentally' leave one of these devices behind a desk, and collect it the next day?

Certainly beats having to break someone's fingers to get their password, though.

Steven R

0
0
Gold badge
Thumb Up

Distance: 75 m

From their website:

"we were able to execute commands remotely over a distance of 75m in-house."

I think that counts as moderately remote, it's not in the same leagure as WiFi, but it was originally not meant to go further than a meter or so. You can probably use a focused aerial and get an even better distance, but you're then no longer able to just walk around with it. The benefit would be that you could sweep a whole office block and focus on each office individually.

Bye bye non-OTP passwords..

Well done again, Max :-)

0
0
dnl

Read the actual presentation...

...and you'll see they indicate up to a 75m range. That's a far cry from needing physical penetration; it certainly puts eavesdropping in the realm of possibilities...

0
0
Stop

That doesn't count as moderately remote!

75m in-house counts as a freakin' big house!

0
0
Gold badge
FAIL

Depends on the desk

In my last company, they bought stupidly expensive metal designer desks. The IT department then bought fancy MS wireless keyboards / mice.

If the keyboard or mouse was more than 3" from the receiver, it didn't work. Also the batteries needed changing about once a month to keep up the signal strength!

0
0
Silver badge

protected by a weak form of encryption known as xor

Since when has a simple bit-munge like exclusive OR been "encryption"? It is only useful for making things "not immediately obvious", like ROT13 on Fidonet, mailing lists, etc.

2
1
Anonymous Coward

@heyrick

>Since when has a simple bit-munge like exclusive OR been "encryption"? It is only useful for making things "not immediately obvious"

That is encryption, numbnuts. You're talking about robustness of encryption. Different thing. Your comment is on the same level as "Windows isn't a real operating system." Nice soundbite that'll raise a laugh here and at your LUG meetings, but invalid and shows blinkered thinking. Mentioning Fidonet doesn't give you any more credibility, either.

1
4
Gold badge
Happy

Sarcasm

You may want to look it up if you want to keep up around here :-)

0
0
Thumb Down

Why would you want a wireless keyboard?

As noted above, one more reason not to buy wireless keyboards, and not at all from people known for not knowing what they are doing.

But anyway, why people buy wireless keyboards anyway?

* if you buy a keyboard, one assumes it's for a desktop. Therefore, random arguments about mobility really do not hold up. If you really feel like typing in your bed, just get a laptop.

* often slow response times and / or reliability -- if you tried playing games with a wireless keyboard, there is a chance that it "forgot" a keystroke at least once or twice

* (usually) horrible compatibility. Now this is something which wouldn't matter much for a mouse, but something as essential as a keyboard? Basically, if your OS doesn't have a built-in driver for it, you're screwed (yes, you could use a virtual keyboard, but that's not in all OSes, and is just extremely annoying).

* OBVIOUS security implications -- why get into risk, when you can just get a goddamn USB or PS/2 if you're old school, which runs through a cable.

* last but not least, it's more expensive -- why waste money on something as simple as a keyboard? It's just keys sending signals, remember.

1
0
Silver badge
Paris Hilton

Why I buy wireless keyboards

"* if you buy a keyboard, one assumes it's for a desktop. Therefore, random arguments about mobility really do not hold up. If you really feel like typing in your bed, just get a laptop."

While your first assumption is not valid (many people get wireless keyboards for laptops/tablets so they can sometimes use them at a desktop without mucking with cables) I'll admit the only wireless keyboard I own is for my desktop. From that standpoint, I'd argue against your first point with the point that mobility is not portability. I like my wireless kb because it allows me to move in my chair at my desk, lean back, forward, etc, without worrying about snagging a cable. Another real use is living room desktops/home theaters (or anyone with 30'+ display setup). To avoid killing your eyes, you'd need to sit a ways back from the display. 6-12' are very unwieldy and unreliable (not to mention the safety hazard), and wireless kb is much more efficient than wireless video.

"* often slow response times and / or reliability -- if you tried playing games with a wireless keyboard, there is a chance that it "forgot" a keystroke at least once or twice"

That depends on what you get. For reference, I generally buy the cheapest available (roughly $5-10 more than a wired keyboard, and that speaks to your "cost" argument), and I've never had my wireless kb drop a keystroke -- even when playing key-intensive, real-time games. Of course, not everyone uses a computer for games (I know, it's hard to believe, but I assure you it's true.)

"* (usually) horrible compatibility. Now this is something which wouldn't matter much for a mouse, but something as essential as a keyboard? Basically, if your OS doesn't have a built-in driver for it, you're screwed (yes, you could use a virtual keyboard, but that's not in all OSes, and is just extremely annoying)."

I've never seen a wireless keyboard that didn't work fine with Windows, or the several distros of Linux I use (I can't speak to MacOS as I don't have a Mac). In fact, evey one I've used didn't even need a specific driver -- they all work fine with the standard HID profile.

"* OBVIOUS security implications -- why get into risk, when you can just get a goddamn USB or PS/2 if you're old school, which runs through a cable."

For the reasons listed above. As far as security, that's a consideration in any technology purchase, including WIRED keyboards. Your first line of security with wireless technology is not going to be encryption, but signal strength. They're not going to hack it if they can't detect it. Then there is question of how much you type needs to be secured. But if you're really concerned about your neighbors sniffing out your snide comments on El Reg or your l33t WoW combos, do your homework befofe buying.

"* last but not least, it's more expensive -- why waste money on something as simple as a keyboard? It's just keys sending signals, remember."

That's a value judgment to be made by the individual. As my grandfather used to say, remember, if everyone was the same, we'd all be after your grandmother.

What I really want to know is why you felt the need to publish such a long, argumentantive comment about what is really a personal choice. You could have simply said "I don't want a wireless keyboard because I don't need flexibility at my desktop, and I've had reliability and compatibility issues with them in the past -- and now we know some of them are quite insecure. So they're not worth the premium to me." But instead, you made it into an argument. Why?

Why did I write such a long, argumentative reply? Because it's Sunday morning and I have work to do.

0
0
Stop

old is relative

"or PS/2 if you're old school"

Since when has PS/2 been old school??? I've still got a stack of AT keyboards somewhere.

0
0
WTF?

Drivers? For a keyboard?

My experience with both Microsoft and Logitech wireless keyboards is that (just like mice) you plug them in and they work. (I recall that I had to go to system preferences to map some of the special keys to useful functions, but that's no big deal.)

Now of course that was with OSX and Linux, but I'd find it ironic if a Microsoft keyboard didn't "just work" when plugged into a Windows machine...

(Now I do have to agree that the times you actually need a wireless keyboard are pretty limited... and in those situations I prefer an IBM trackpoint keyboard with a long cord...)

0
0
Silver badge
Linux

I use a wireless keyboard

I have a lounge room PC for watching movies etc. It has a wireless (Logitech) keyboard for reasons which should be readily apparent.

0
0

And very last, but nonetheless...

The batteries always tend to die at particularly critical moments, and in full compliance with Murphy's Law, that is, when you don't have a spare set.

0
0

Why Wireless Keyboard...

OK

1. If you're short of space, and want to use your desk as a multi-purpose working space, it's much easier to move a wireless keyboard.

2. It's easier to clean a desk with a wireless keyboard on it. IT desks tend to be full of crap that shouldn't be there. If you can just swipe the whole lot off without worry of wires that's always a bonus.

3. If you have a Media Center PC wireless keyboards can be quite useful to control the machine remotely, a laptop doesn't really cut it if you have to have wires trailing to the big screen.

If you're using a big screen user interface you can still see what you're typing. Remote controls are useful, but keyboards are easier.

4. It looks kind of so much more modern. Wires are so yesterday.

5. Everyone needs another form of wireless transmission going through their skull. It's just the best way to get cancer.

0
0

First define "desktop"

"if you buy a keyboard, one assumes it's for a desktop. Therefore, random arguments about mobility really do not hold up."

I have a media centre PC. As far as its physical presence goes, it would certainly be classed as a desktop rather than a laptop, netbook or any other basic PC genre, but it's definitely not a desktop in the traditional sense. And whilst most of my day to day control over this PC is carried out via the IR remote, there are sufficient times when using a keyboard/touchpad makes life easier (or is simply essential) for me to have invested in a RF keyboard/touchpad combo. Given the choice between the vanishingly small risk of someone performing a drive-by attack on the RF link, or the significantly higher risk of someone tripping over the cable of a wired keyboard stretched across the living room, I'll take my chances with the RF link thanks...

0
0

OT...

"...like ROT13 on Fidonet, mailing lists, etc."

Does ROT13 work on more developed languages (languages using more than 26 letters) than english ?

0
0

Le rotation à treize

Or whatever they call it... I think typically only uncaccented characters are shifted. Accent characters have a different ASCII code from the base character.

For instance, the five vowels, in order, two with accents, came out

from http://www.faqintosh.com/risorse/en/othutil/webapps/rot13/ as,

n é v b ü

0
0
Gold badge
Happy

XOR "Encryption"

This will be that dry Nordic sense of humor at work. I'm quite sure his audience knew this is about as far from *real* security as using a PIN based on your DOB for a confidential file and putting it on a post-it note *with* the file when you send it off.

0
0
Coffee/keyboard

depends on what you XOR it with

XORing the stream of keypresses against a nonrepeating cryptographically-random sequence would be a lot more secure than XORing against the same byte for every keypress. Somehow I suspect that they are using the latter rather than the former though...

There are also attacks where just knowing the timing of the data packets, not the actual keys pressed, will give you a lot of useful information.

0
0
Silver badge
FAIL

Wireless Keyboards...we all tried them for 5 minutes.

Then dumped them the minute the batteries ran out halfway though a good forum rant reply.

Filed in the "Seemed like a good idea at the time!" bin.

2
0
Happy

Microsoft the gift that just keeps giving.

Now I know what to send as a corporate gift, with a little advertising flyer from aonther company.

Probably wont score an admin password, but management types like to have corporate credit cards.

KACHING!

Dogbert Rules!

1
0
Unhappy

XOR encryption

Are you guys on crack?

XOR isn't inherently "secure" or "insecure".

XOR your plaintext with a one time pad and your encryption is stronger than AES, XOR your plaintext with "PASSWORDPASSWORDPASSWORDPAS..." and you're in trouble.

Stop hating on the XOR!

0
0

XOR

Not knowing what has been XORed aside (was it encrypted data or just plain data) and assuming that it is just the plain output from the keyboard, has anyone bothered to consider that XORing this data may just be a function of the electronics that they used? I realise that it's the fashion to badmouth MS, I find it hard to believe that MS would use something so simple to represent 'encryption', does MS say that they use encryption anywhere?

1
0
This topic is closed for new posts.