Millions of Popular Wireless Keyboards Vulnerable To Latest ‘Keysniffer’ Hack

bastille keysniffer
Nothing beats wireless for convenience, but whenever you transmit important data through the air, there's a risk that someone could be nearby, ready to intercept the signals before they reach their destination. If this sounds familiar, it might be because we talked about this very thing earlier this year, when security firm Bastille ousted 'MouseJack', an overly-marketed vulnerability affecting wireless peripherals from major vendors, including Microsoft and Logitech.

Well, Bastille is back, this time with 'KeySniffer', another vulnerability (or set of vulnerabilities) that has apparently also deserved its own logo.

HP Wireless Classic Desktop

While it'd be easy to jump to conclusions that Bluetooth is probably at fault here, that's not the case. Instead, non-Bluetooth keyboards from eight different vendors are affected, with Bastille claiming that interception could happen from "several hundred feet away".

Bastille has a list of affected products (seen at the URL below this post), with vendors including Anker, EagleTec, General Electric, Hewlett-Packard, Insignia, Kensington, Radio Shack, and Toshiba. To date, three of these companies have responded to the issue, and have promised to either fix the issue or offer refunds.

Bastille notes that its list of affected products is not considered exhaustive, so there could very well be models from the same vendor, or other vendors, that are vulnerable just the same. If your wireless keyboard promises encryption, and uses Bluetooth, you should be able to feel pretty safe. According to Bastille, absolutely none of these affected keyboards use any sort of encryption, which is an appalling design in this day and age.


Via:  Keysniffer
Show comments blog comments powered by Disqus