Security on wireless mouse and keyboard

All we need is an easy explanation of the problem, so here it is.

At work I am using a wireless mouse and keyboard. I was sitting at my desk this morning wondering if and how they are secured against key loggers.

What stops another device from listening to my key strokes and looking for things like:

www.mybank.com<tab>1111222233334444<tab>mypassword

Is the assumption that the range on these devices is too small to be listened to by a malicous person?

How to solve :

I know you bored from this bug, So we are here to help you! Take a deep breath and look at the explanation of your problem. We have many solutions to this problem, But we recommend you to use the first method because it is tested & true method that will 100% work for you.

Method 1

Wireless keyboards should be considered insecure unless they specifically state they use channel encryption.

Do a google search for ‘keykeriki’ – it’s a sniffing tool for wireless keyboards.

eg: http://www.symantec.com/connect/blogs/wireless-keyboard-vulnerability

Method 2

Some manufacturers use AES encryption for selected or all keyboards that communicate with custom USB radio receiver, or implement Bluetooth which has its own security stack. Others only XOR data with certain value (e.g. MAC address) which is more of an obfuscation than encryption.

Here is an explanation from security researcher how he managed to capture communication of Microsoft Comfort Desktop 5000 http://travisgoodspeed.blogspot.com/2011/02/promiscuity-is-nrf24l01s-duty.html

When it comes to wireless mice – many manufacturers don’t use encryption (excluding Bluetooth devices) – I guess they assume that information about right/left key presses and screen coordinates is not confidential.

Method 3

It is possible to “sniff” the transmission, but yes due to the limited range and the fact that most of the devices are “paired” to one another it is harder to “sniff” this signal, than ,for example, cracking the wireless and collecting packets from there.

Note: Use and implement method 1 because this method fully tested our system.
Thank you 🙂

All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0

Leave a Reply