SAN FRANCISCO (KPIX 5) — A computer security firm has a warning for wireless keyboard users: a flaw found in millions of devices allows hackers to read what you’re typing.
Santa Cruz-based Bastille Networks said it has discovered the security flaw in low-end wireless keyboards.
Using an off-the-shelf USB radio antenna and a laptop with publicly-available software, Bastille found it’s possible to intercept and record the signal from wireless keyboards – from as far as 250 feet away – in a process called keysniffing.
The process records everything a hacker needs to steal your identity: addresses, social security numbers, birthdates – basically everything you type – and you don’t need a computer science degree to figure it out.
“The average person can do it,” said Balint Seeber, Bastille’s director of vulnerability research. “If you order the dongle online and download the open source software from the internet, it’s just a couple lines to type into your console here, and that’ll get you up and running and sniffing for vulnerable devices in your airspace.”
The affected wireless keyboard brands are Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec.
“That represents millions of keyboards out in the world,” said Risley. “The manufacturers make these things and don’t check that they’ve got the vulnerabilities.”
Bastille said it notified the manufacturers three months ago. To date, only two companies responded and offered a fix.
“Some people engage it seriously and try to make their product more secure,” said Seeber. “Others just say, ‘well, it’s no big deal.’”
If your manufacturer is not offering a fix, the only option is to get a wired or bluetooth keyboard, according to the company.