Kit attacks Microsoft keyboards (and a whole lot more)

Security researchers on Friday unveiled an open-source device that captures the traffic of a wide variety of wireless devices, including keyboards, medical devices, and remote controls. Keykeriki version 2 captures the entire data stream sent between wireless devices using a popular series of chips made by Norway-based Nordic …

COMMENTS

This topic is closed for new posts.
  1. LaeMing

    I'm old skool. I likes the copper!

    I really miss keyboard curly-cables. (I assume USB signals don't like the loops so much).

    1. frank ly

      Curly Capability

      I can sell you some special USB controller cards that are capable of sending and receiving USB 2.0 through 2 metres of curly cable. Get in touch to discuss quantity and prices.

    2. Anonymous Coward
      Thumb Up

      i think the reason is

      it's cheaper to make non-curly cables...

      and i agree - retro keyboards are so cool - although i do like my fruity keyboard.

  2. Quxy
    FAIL

    STILL no crypto?

    Relying on security through obscurity for something as critical as a wireless computer keyboard is stupid enough. But what verges on criminal is that this vulnerability in the Microsoft keyboards was demonstrated at Black Hat 2007, and subsequently written up by Max Moser and Philipp Schrödel and well publicised by Dreamlab -- yet we find three years later that Microsoft just continued to build the identical vulnerability into new keyboard models.

    1. amanfromMars 1 Silver badge

      Windows lets one see what is going on inside from outside

      "But what verges on criminal is that this vulnerability in the Microsoft keyboards was demonstrated at Black Hat 2007, and subsequently written up by Max Moser and Philipp Schrödel and well publicised by Dreamlab -- yet we find three years later that Microsoft just continued to build the identical vulnerability into new keyboard models." .... Quxy Posted Saturday 27th March 2010 00:06 GMT

      Which tells you, Quxy, LOUD and CLEAR, that it is a facility and function in the Microsoft keyboards?

    2. FFred
      Gates Horns

      Obscurity ?

      XOR isn't even security through obscurity. I wonder why they even bothered, typical Microsoft botchering up something simple. Either you use a cypher or you don't. XOR is just stupid. They should have stuck with double ROT13. The security is pretty much the same, but at least it has a *double layer* of protection.

      1. Anonymous Coward
        Gates Horns

        Can't wait..

        Can't wait until someone invents a device that detects a user typing "dir<ret>" and adds an extra "rmdir -f C:\WinNT<ret>" on the end of it...

  3. Yet Another Anonymous coward Silver badge

    DMCA

    Since it's illegal to decrypt the contents you don't need a secure algorithm!

  4. Disco-Legend-Zeke

    echo

    (quote)

    no beer icon, i still 211, but im ashamed of it

  5. Daniel B.
    Boffin

    Weak encryption? More like 'bit operation'

    "The exploit worked because communications in the devices are protected by a weak form of encryption known as xor, which is trivial to break."

    XOR'ing bytes is the first step into encryption... and the simplest to "crack", as you only have 256 possible 'keys'. Bad, bad Microsoft!

  6. Anonymous Coward
    Jobs Horns

    Looks interesting

    Just what legit uses can this be used for?

    1. Anonymous Coward

      Uses

      Kicking hardware manufacturers into gear so you don't lose your credit card number / other personal details.

      :-)

  7. Anonymous Coward
    FAIL

    Cars

    Does this mean I can crack a remote for a car? I would still not be able to drive off in it, I know ... I have a logitech wireless keyboard, would not trust Microsoft for anything, let alone a keyboard ... who buys that crap anyway? I might have to get my bluetooth Apple keyboard out of the closet and use that ... I read somewhere it is supported on .... linux, I doubt it will work on Solaris, though :-(

  8. Dana W
    WTF?

    No matter the OS.....

    I DON'T trust or like wireless devices. Thank you for giving me another reason to avoid the wireless keyboard.

    1. Anonymous Coward
      Thumb Up

      well, a wireless...

      mouse is ok, i use one in the office and it's fine, but wireless keyboards, god no!!

  9. Charles 9

    Could this be exploited...

    ...without physical penetration? From the looks of things, you have to be physically near the point of interest in order to exploit this vulnerability: one way or the other. Sounds to me like you'll have other things of concern at that point.

    1. Robin

      re: Could this be exploited...

      One example ... How about a device fitted to every workstation in those Internet cafés, who have recently been asked by the Met to spy on Muslim people? (If I read the story correctly)

      http://www.theregister.co.uk/2010/03/25/cafe_prevent/

    2. Quxy
      Alert

      Can, and undoubtedly has been

      Microsoft claims a reliable working range of 5m for the keyboard with the associated crap receiver in a USB dongle, so some back-of-the-envelope calculations indicate that the unmarked van parked at the kerb should be able to monitor the keyboard on your office PC at 20 to 50m with a good receiver and (most importantly) good high-gain antenna.

      1. BristolBachelor Gold badge
        FAIL

        Depends on the desk

        In my last company, they bought stupidly expensive metal designer desks. The IT department then bought fancy MS wireless keyboards / mice.

        If the keyboard or mouse was more than 3" from the receiver, it didn't work. Also the batteries needed changing about once a month to keep up the signal strength!

    3. Steven Raith

      Physical location

      I suppose it would depend on the signal strength of the wireless keyboard - but in terms of corporate espionage, how hard would it be to 'convince' a member of the low paid cleaning staff to 'accidentally' leave one of these devices behind a desk, and collect it the next day?

      Certainly beats having to break someone's fingers to get their password, though.

      Steven R

    4. Fred Flintstone Gold badge
      Thumb Up

      Distance: 75 m

      From their website:

      "we were able to execute commands remotely over a distance of 75m in-house."

      I think that counts as moderately remote, it's not in the same league as WiFi, but it was originally not meant to go further than a meter or so. You can probably use a focused aerial and get an even better distance, but you're then no longer able to just walk around with it. The benefit would be that you could sweep a whole office block and focus on each office individually.

      Bye bye non-OTP passwords..

      Well done again, Max :-)

      1. Marvin the Martian
        Stop

        That doesn't count as moderately remote!

        75m in-house counts as a freakin' big house!

    5. dnl

      Read the actual presentation...

      ...and you'll see they indicate up to a 75m range. That's a far cry from needing physical penetration; it certainly puts eavesdropping in the realm of possibilities...

  10. heyrick Silver badge

    protected by a weak form of encryption known as xor

    Since when has a simple bit-munge like exclusive OR been "encryption"? It is only useful for making things "not immediately obvious", like ROT13 on Fidonet, mailing lists, etc.

    1. Anonymous Coward

      @heyrick

      >Since when has a simple bit-munge like exclusive OR been "encryption"? It is only useful for making things "not immediately obvious"

      That is encryption, numbnuts. You're talking about robustness of encryption. Different thing. Your comment is on the same level as "Windows isn't a real operating system." Nice soundbite that'll raise a laugh here and at your LUG meetings, but invalid and shows blinkered thinking. Mentioning Fidonet doesn't give you any more credibility, either.

    2. Fred Flintstone Gold badge
      Happy

      Sarcasm

      You may want to look it up if you want to keep up around here :-)

  11. Anonymous Coward
    Thumb Down

    Why would you want a wireless keyboard?

    As noted above, one more reason not to buy wireless keyboards, and not at all from people known for not knowing what they are doing.

    But anyway, why do people buy wireless keyboards anyway?

    * if you buy a keyboard, one assumes it's for a desktop. Therefore, random arguments about mobility really do not hold up. If you really feel like typing in your bed, just get a laptop.

    * often slow response times and / or reliability -- if you tried playing games with a wireless keyboard, there is a chance that it "forgot" a keystroke at least once or twice

    * (usually) horrible compatibility. Now this is something which wouldn't matter much for a mouse, but something as essential as a keyboard? Basically, if your OS doesn't have a built-in driver for it, you're screwed (yes, you could use a virtual keyboard, but that's not in all OSes, and is just extremely annoying).

    * OBVIOUS security implications -- why get into risk, when you can just get a goddamn USB or PS/2 if you're old school, which runs through a cable.

    * last but not least, it's more expensive -- why waste money on something as simple as a keyboard? It's just keys sending signals, remember.

    1. Steven Knox
      Paris Hilton

      Why I buy wireless keyboards

      "* if you buy a keyboard, one assumes it's for a desktop. Therefore, random arguments about mobility really do not hold up. If you really feel like typing in your bed, just get a laptop."

      While your first assumption is not valid (many people get wireless keyboards for laptops/tablets so they can sometimes use them at a desktop without mucking with cables) I'll admit the only wireless keyboard I own is for my desktop. From that standpoint, I'd argue against your first point with the point that mobility is not portability. I like my wireless kb because it allows me to move in my chair at my desk, lean back, forward, etc, without worrying about snagging a cable. Another real use is living room desktops/home theaters (or anyone with 30'+ display setup). To avoid killing your eyes, you'd need to sit a ways back from the display. 6-12' are very unwieldy and unreliable (not to mention the safety hazard), and wireless kb is much more efficient than wireless video.

      "* often slow response times and / or reliability -- if you tried playing games with a wireless keyboard, there is a chance that it "forgot" a keystroke at least once or twice"

      That depends on what you get. For reference, I generally buy the cheapest available (roughly $5-10 more than a wired keyboard, and that speaks to your "cost" argument), and I've never had my wireless kb drop a keystroke -- even when playing key-intensive, real-time games. Of course, not everyone uses a computer for games (I know, it's hard to believe, but I assure you it's true.)

      "* (usually) horrible compatibility. Now this is something which wouldn't matter much for a mouse, but something as essential as a keyboard? Basically, if your OS doesn't have a built-in driver for it, you're screwed (yes, you could use a virtual keyboard, but that's not in all OSes, and is just extremely annoying)."

      I've never seen a wireless keyboard that didn't work fine with Windows, or the several distros of Linux I use (I can't speak to MacOS as I don't have a Mac). In fact, every one I've used didn't even need a specific driver -- they all work fine with the standard HID profile.

      "* OBVIOUS security implications -- why get into risk, when you can just get a goddamn USB or PS/2 if you're old school, which runs through a cable."

      For the reasons listed above. As far as security, that's a consideration in any technology purchase, including WIRED keyboards. Your first line of security with wireless technology is not going to be encryption, but signal strength. They're not going to hack it if they can't detect it. Then there is the question of how much you type needs to be secured. But if you're really concerned about your neighbors sniffing out your snide comments on El Reg or your l33t WoW combos, do your homework before buying.

      "* last but not least, it's more expensive -- why waste money on something as simple as a keyboard? It's just keys sending signals, remember."

      That's a value judgment to be made by the individual. As my grandfather used to say, remember, if everyone was the same, we'd all be after your grandmother.

      What I really want to know is why you felt the need to publish such a long, argumentative comment about what is really a personal choice. You could have simply said "I don't want a wireless keyboard because I don't need flexibility at my desktop, and I've had reliability and compatibility issues with them in the past -- and now we know some of them are quite insecure. So they're not worth the premium to me." But instead, you made it into an argument. Why?

      Why did I write such a long, argumentative reply? Because it's Sunday morning and I have work to do.

    2. Anonymous Coward
      Stop

      old is relative

      "or PS/2 if you're old school"

      Since when has PS/2 been old school??? I've still got a stack of AT keyboards somewhere.

    3. Quxy
      WTF?

      Drivers? For a keyboard?

      My experience with both Microsoft and Logitech wireless keyboards is that (just like mice) you plug them in and they work. (I recall that I had to go to system preferences to map some of the special keys to useful functions, but that's no big deal.)

      Now of course that was with OSX and Linux, but I'd find it ironic if a Microsoft keyboard didn't "just work" when plugged into a Windows machine...

      (Now I do have to agree that the times you actually need a wireless keyboard are pretty limited... and in those situations I prefer an IBM trackpoint keyboard with a long cord...)

    4. Goat Jam
      Linux

      I use a wireless keyboard

      I have a lounge room PC for watching movies etc. It has a wireless (Logitech) keyboard for reasons which should be readily apparent.

    5. The Flying Dutchman

      And very last, but nonetheless...

      The batteries always tend to die at particularly critical moments, and in full compliance with Murphy's Law, that is, when you don't have a spare set.

    6. Anonymous Coward

      Why Wireless Keyboard...

      OK

      1. If you're short of space, and want to use your desk as a multi-purpose working space, it's much easier to move a wireless keyboard.

      2. It's easier to clean a desk with a wireless keyboard on it. IT desks tend to be full of crap that shouldn't be there. If you can just swipe the whole lot off without worry of wires that's always a bonus.

      3. If you have a Media Center PC wireless keyboards can be quite useful to control the machine remotely, a laptop doesn't really cut it if you have to have wires trailing to the big screen.

      If you're using a big screen user interface you can still see what you're typing. Remote controls are useful, but keyboards are easier.

      4. It looks kind of so much more modern. Wires are so yesterday.

      5. Everyone needs another form of wireless transmission going through their skull. It's just the best way to get cancer.

    7. ChrisC Silver badge

      First define "desktop"

      "if you buy a keyboard, one assumes it's for a desktop. Therefore, random arguments about mobility really do not hold up."

      I have a media centre PC. As far as its physical presence goes, it would certainly be classed as a desktop rather than a laptop, netbook or any other basic PC genre, but it's definitely not a desktop in the traditional sense. And whilst most of my day to day control over this PC is carried out via the IR remote, there are sufficient times when using a keyboard/touchpad makes life easier (or is simply essential) for me to have invested in a RF keyboard/touchpad combo. Given the choice between the vanishingly small risk of someone performing a drive-by attack on the RF link, or the significantly higher risk of someone tripping over the cable of a wired keyboard stretched across the living room, I'll take my chances with the RF link thanks...

  12. John Doe 6

    OT...

    "...like ROT13 on Fidonet, mailing lists, etc."

    Does ROT13 work on more developed languages (languages using more than 26 letters) than English ?

    1. Robert Carnegie Silver badge

      Le rotation à treize

      Or whatever they call it... I think typically only unaccented characters are shifted. Accent characters have a different ASCII code from the base character.

      For instance, the five vowels, in order, two with accents, came out

      from http://www.faqintosh.com/risorse/en/othutil/webapps/rot13/ as,

      n é v b ü

  13. John Smith 19 Gold badge
    Happy

    XOR "Encryption"

    This will be that dry Nordic sense of humor at work. I'm quite sure his audience knew this is about as far from *real* security as using a PIN based on your DOB for a confidential file and putting it on a post-it note *with* the file when you send it off.

  14. Anonymous Coward
    Coffee/keyboard

    depends on what you XOR it with

    XORing the stream of keypresses against a nonrepeating cryptographically-random sequence would be a lot more secure than XORing against the same byte for every keypress. Somehow I suspect that they are using the latter rather than the former though...

    There are also attacks where just knowing the timing of the data packets, not the actual keys pressed, will give you a lot of useful information.

  15. jason 7
    FAIL

    Wireless Keyboards...we all tried them for 5 minutes.

    Then dumped them the minute the batteries ran out halfway through a good forum rant reply.

    Filed in the "Seemed like a good idea at the time!" bin.

  16. Anonymous Coward
    Happy

    Microsoft the gift that just keeps giving.

    Now I know what to send as a corporate gift, with a little advertising flyer from another company.

    Probably won't score an admin password, but management types like to have corporate credit cards.

    KACHING!

    Dogbert Rules!

  17. Aidan Samuel
    Unhappy

    XOR encryption

    Are you guys on crack?

    XOR isn't inherently "secure" or "insecure".

    XOR your plaintext with a one time pad and your encryption is stronger than AES, XOR your plaintext with "PASSWORDPASSWORDPASSWORDPAS..." and you're in trouble.

    Stop hating on the XOR!
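
Added example, not part of the original thread or of the Keykeriki project: the distinction drawn in the comments above between XORing every keypress with one fixed byte and XORing with a one-time pad, shown on a constructed sample string. The key value 0x5A, the scoring function and all names are assumptions for illustration; the page does not say what keystream the keyboards actually use.

```python
import secrets
from itertools import cycle

# Constructed sample data; nothing here comes from a real keyboard or capture.
SAMPLE = b"the quick brown fox jumps over the lazy dog"
ALLOWED = frozenset(b"abcdefghijklmnopqrstuvwxyz ")


def xor_stream(data: bytes, key: bytes) -> bytes:
    """XOR data with key, repeating the key when it is shorter than data."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def plausibility(buf: bytes) -> float:
    """Fraction of bytes that are lowercase letters or spaces."""
    return sum(b in ALLOWED for b in buf) / len(buf)


def recover_fixed_byte_key(ciphertext: bytes) -> int:
    """Fixed one-byte key: only 256 candidates, so score every one of them."""
    return max(range(256),
               key=lambda k: plausibility(xor_stream(ciphertext, bytes([k]))))


def pad_that_yields(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """For a one-time pad, some pad maps the ciphertext to any same-length text."""
    if len(ciphertext) != len(claimed_plaintext):
        raise ValueError("lengths must match")
    return xor_stream(ciphertext, claimed_plaintext)


def reused_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """Two ciphertexts under the same pad XOR to p1 ^ p2; the pad cancels out."""
    return bytes(a ^ b for a, b in zip(c1, c2))


if __name__ == "__main__":
    weak = xor_stream(SAMPLE, bytes([0x5A]))           # same byte for every keypress
    print("fixed-byte key recovered:", hex(recover_fixed_byte_key(weak)))

    pad = secrets.token_bytes(len(SAMPLE))             # random, as long as the message
    strong = xor_stream(SAMPLE, pad)
    decoy = b"x" * len(SAMPLE)
    # Any guess is "explained" by some pad, so the ciphertext alone rules nothing out.
    assert xor_stream(strong, pad_that_yields(strong, decoy)) == decoy

    other = b"a second message typed with the same pad..."
    leak = reused_pad_leak(strong, xor_stream(other, pad))
    assert leak == reused_pad_leak(SAMPLE, other)      # pad reuse breaks the guarantee
```

The last check is why the pad has to be non-repeating: once the same pad covers two messages, the XOR of the ciphertexts no longer depends on the pad at all.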

  18. Anonymous Coward

    XOR

    Not knowing what has been XORed aside (was it encrypted data or just plain data) and assuming that it is just the plain output from the keyboard, has anyone bothered to consider that XORing this data may just be a function of the electronics that they used? I realise that it's the fashion to badmouth MS, I find it hard to believe that MS would use something so simple to represent 'encryption', does MS say that they use encryption anywhere?
