Ubiquitous vulnerabilities: Your wireless keyboard may not be secure

If you use a wireless keyboard, you may need to pay attention. Recently, Bastille, a network security company, released a study that believes that some of the popular wireless keyboards on the market are not secure. Through appropriate tools, hackers can intercept the user's input text, password, card number, and even secretly enter data into the computer.

In general, the wireless keyboard encrypts the user's data. In this case, even if a hacker intercepts the data stream, it will get some unresolvable garbled characters, but sometimes this encryption is not reliable.

Last year, a security researcher discovered a vulnerability on Microsoft's wireless keyboard and created a device to crack encrypted data. Bastille researcher Marc Newlin discovered even more shocking things. When studying 12 popular wireless keyboards from brands such as Hewlett-Packard and Toshiba, he found that most keyboards do not encrypt any data.

Initially, Newlin reverse engineered the receivers of the wireless keyboard to understand how they transmitted data. "I think this should be the first step," he said in an interview with the Atlantic website. "As a result, after completing this step, you can see that all keystroke data is transmitted in plaintext and is not encrypted at all. ”

This means that hackers can monitor anything that the user enters from 250 feet away without the user knowing about it. Hackers can also send spurious signals to the computer, letting it misunderstand that the keyboard is typing.

To make such attacks, hackers do not need equipment that is too expensive. Newlin used only a $40 signal receiver (controlled drone) and a $50 antenna to extend the range of reception. He called the tool KeySniffer and it was easy to find a leaky wireless keyboard.

It is worth noting that KeySniffer can only affect low-end, inexpensive wireless keyboards. Experts at Bastille say that the security holes on these keyboards are irreparable. If you are serious about security, the only solution is to switch to Bluetooth or wired keyboards because KeySniffer cannot do anything about them.

Bastille had informed keyboard makers prior to the disclosure of this information and gave them 3 months to fix the problem. However, most vendors did not have feedback. In response, Ivan O'Sullivan, Bastille’s chief revenue officer, expressed disappointment.

At present, Bastille has released its own discovery, but did not disclose the KeySniffer code. However, similar tools are likely to already exist. "Marc is a super smart guy," Ivan O'Sullivan said. "But is he the only person who can write this code? No. Is this kind of tool released? We don't know yet. If a smart person can finish it." For this matter, who can guarantee that others will not do it?"

This article from the Tencent News client from the media, does not represent the views and positions of Tencent News

Thick Wall Stainless Steel Pipe

Thick Wall Stainless Steel Pipe,Thick Wall Ss Pipe,Welding Think Wall Stainless Steel Tubing,Decorate Seamless Ss Thick Wall Pipe

ShenZhen Haofa Metal Precision Parts Technology Co., Ltd. , http://www.haofametals.com