Wireless Keyboard Security

(1/3) > >>

Jared Badger:
(Duplicate message posted to eham.net Computer forum)

Hello All,

I was wondering if anybody out there has researched security of wireless keyboards.

SCENARIO:

A sneaky eavesdropper, Eve, would like to find out some gossip on her neighbor, Alice. Eve knows that Alice uses Yahoo for her email, and would just love to be able to log in to Alice's Yahoo mail account. But she doesn't know Alice's password. But luck, it seems, may be in Eve's corner, as Alice has recently installed a snazzy new wireless keyboard/mouse combo on her home computer. Eve, using her formidable knowledge of radio and electronics, sets up an antenna to pick up keyboard transmissions from Alice's house. After some persistence, Eve's laptop records a username, alice@yahoo.com and a password, "opensesame". Eve, ecstatic, logs on to Yahoo with the captured password and read's Alice's email, discovering lots of juicy secrets.

For a true story, see:

http://www.pcworld.com/howto/article/0,aid,108712,00.asp

My job involves reviewing computer security at a bank, and although the Alice/Eve scenario is fictional, it seems plausible. I was very surprised to see that nearly all of the computers at one of my branches are using these wireless mouse/keyboard combos. It seems like this could be a potentially serious security risk, so I would like to do some research on this topic. If these manufacturers have incorporated strong security measures, then I would like to know what they are. Or if not, then it would be better to know than not to know so as to take appropriate precautions. (see the above PCWorld story. Note that only 4000 combinations are used, trivial for a computer to crack) Of particular interest to me are:

1. How possible/easy/difficult is it to eavesdrop and capture keystrokes from a wireless keyboard using passive means only? What equipment/expertise does this require? (I am thinking it would probably take at least a spectrum analyzer, receiver, a laptop, and some custom software) What about taking the keyboard apart and reverse engineering it?

2. How easy/difficult would it be to take control of a computer without having physical access to the keyboard at the console? What equipment/expertise would this require? (Probably at least the same as above, plus a transmitter)

One example of a wireless keyboard/mouse combo is displayed here:

http://www.microsoft.com/hardware/mouseandkeyboard/productdetails.aspx?pid=014

By entering the following FCC ID's into the FCC website, you can get quite a bit of interesting information.

FCC ID's: C3KKB9 (keyboard), C3K1008 (mouse)

https://gullfoss2.fcc.gov/prod/oet/cf/eas/reports/GenericSearch.cfm

There are many docs, including photos and lab tests, on the associated pages. For example, FCC docs show that this particular keyboard transmits on a frequency of 27.095 - 27.195 MHz. From the internal photos, it doesn't seem there are enough electronics to perform advanced encryption.

Certainly somebody knows how to do this. Has anybody tried? Been successful? Failed? Any information on common manufacturers (Logitech, Microsoft, Kensington, etc.), commonly used encryption/decryption, frequencies, encoding, signal power and range, etc. would be most appreciated.

Thanks in advance,

Jared Badger, CISSP
IT Security Manager
jaredbadger@hotmail.com

tom lish II:
For goodnes sakes, Man, this is a radio forum, not a computer forum..

go down to starbucks and search you self silly on their free wireless net..

what does this have to do with anything in ham radio??

you didn't even say Fan Dipole..  jeeeeezzzzzze

tom lish II:
For goodnes sakes, Man, this is a radio forum, not a computer forum..

go down to starbucks and search you self silly on their free wireless net..

what does this have to do with anything in ham radio??

you didn't even say Fan Dipole..  jeeeeezzzzzze

Dennis Zabawa:
Many years ago, when I worked in San Diego for the US Navy as a contractor, I encountered a Dodge motor home out on Point Loma.  They were parked in a secured parking lot near one of the old artillery batteries.  They also had some interesting antennas mounted on portable stands.  When I asked them what was up, they told me that they were a team sweeping the area for TEMPEST violations (i.e. Government computer systems used to process classsified data that were inadverently emitting RF signals that could be intercepted).  They had one antenna pointed at downtown San Diego.  On a CRT in the trailer, I was able to read each keystroke on the keyboard of a computer being used several miles away.  On another CRT, they had a fuzzy, but readable, picture of that same computers screen.  With knowledge and the right gear, NOTHING is secure.

Dennis / KG4RUL

Michael S. Higgins:
Most wireless mouse’s are inferred and travel only about 5 feet. There is no radio energy.

Navigation

[0] Message Index

[#] Next page