Keyboard – Enter key replace with a RED HELP Key
Did you know that wireless devices almost always present a security vulnerability? Wireless signals pass through the air and can be intercepted and read by a savvy attacker. To protect wireless communication sessions, usually the wireless link is protected with some form of encryption. Last week I was teaching a CISSP class, and we were discussing the security vulnerabilities inherent in wireless networking, when one of the students asked if wireless keyboards are secure. The research I did while answering this question inspired today’s article.
Most wireless keyboards are protected by AES encryption. Nevertheless, even encrypted wireless signals can be recorded using a Raspberry Pi configured as a Software Defined Radio. One exploit recorded the users encrypted computer login credentials, and played them back to unlock and access the computer.
The wireless USB dongle is also susceptible. While the keyboard may be running an encrypted session with the dongle, unencrypted input can still be sent to the dongle and played to access the attached computer and send commands.
The wireless keyboard can also be compromised in a way that turns it into a keylogger. Keyloggers simply record keystrokes in order to analyze the input and search for user credentials, credit card numbers, and other interesting personal information.
The wireless mouse, on the other hand, is usually not encrypted, and the keyboard can be bypassed completely by opening and using the on-screen keyboard, and typing credentials and other commands into the targeted computer using just the mouse.
You can expect to hear more about wireless exploits and attacks. As we move to an IoT filled world full of dozens of wireless network connections, securing these connections is more important than ever. For more information on the actual exploits, check the two articles below. There is nothing you can do to effectively protect yourself from these exploits, but the attacker would need to have close physical access within the effective range of the wireless keyboard’s radio system. They would need to be in your building nearby, so a good dose of situational awareness on your part would be useful. You could also go back to a wired USB keyboard and mouse.
More information:
Share
NOV
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com