Did you know that wireless devices almost always present a security vulnerability? Wireless signals pass through the air and can be intercepted and read by a savvy attacker. To protect wireless communication sessions, usually the wireless link is protected with some form of encryption. Last week I was teaching a CISSP class, and we were discussing the security vulnerabilities inherent in wireless networking, when one of the students asked if wireless keyboards are secure. The research I did while answering this question inspired today’s article.
Most wireless keyboards are protected by AES encryption. Nevertheless, even encrypted wireless signals can be recorded using a Raspberry Pi configured as a Software Defined Radio. One exploit recorded the users encrypted computer login credentials, and played them back to unlock and access the computer.
The wireless USB dongle is also susceptible. While the keyboard may be running an encrypted session with the dongle, unencrypted input can still be sent to the dongle and played to access the attached computer and send commands.
The wireless keyboard can also be compromised in a way that turns it into a keylogger. Keyloggers simply record keystrokes in order to analyze the input and search for user credentials, credit card numbers, and other interesting personal information.
The wireless mouse, on the other hand, is usually not encrypted, and the keyboard can be bypassed completely by opening and using the on-screen keyboard, and typing credentials and other commands into the targeted computer using just the mouse.
You can expect to hear more about wireless exploits and attacks. As we move to an IoT filled world full of dozens of wireless network connections, securing these connections is more important than ever. For more information on the actual exploits, check the two articles below. There is nothing you can do to effectively protect yourself from these exploits, but the attacker would need to have close physical access within the effective range of the wireless keyboard’s radio system. They would need to be in your building nearby, so a good dose of situational awareness on your part would be useful. You could also go back to a wired USB keyboard and mouse.