Do you use a wireless keyboard? Ever consider that someone or something could be capturing every keystroke you make? Don't let the keyboard's encryption option lull you into a false sense of security.
A very stealthy and scary threat has emerged recently for snooping on wireless keyboards. It's a completely functional USB wall charger that happens to also house a 2.4 GHz RF chip, Arduino microcontroller, and either flash memory to store keystrokes or a 2G radio for uploading keystrokes directly to the Internet.
This sneaky little device is called KeySweeper, and it is as scary as it is ingenious. Samy Kamkar has built the device and provided very clear and easy to follow instructions for building your own. For well under $100 you can be up and running with your very own KeySweeper.
Got a friend, enemy or competitor that you want to snoop on? No need to inject a keylogger on their system - just carefully get this installed in the vicinity of their workstation and voila!
This isn't the first time that wireless keyboards have proven to be vulnerable to snooping. A product called KeyKeriki, released a few years ago, could not only listen in on keyboard traffic, but it could control it too.
And don't think you're entirely safe with a wired keyboard either. There have been techniques for snooping in wired keyboards via electromagnetic emanations for the past few years. A detailed paper was presented at USENIX 2009, and a shorter article with videos was even published in 2008. These aren't nearly as easy or inexpensive to implement as wireless sniffing, but still just as feasible.
Don't just think about personal computers either. Consider that many kiosks are simple PCs in a pretty case. Combine a wireless webcam with a keyboard sniffer and someone could capture loads of information from a kiosk at a conference, for example.
If you look at too many research papers, you may feel that all attempts at privacy are futile. There are innumerable ways to spy on someone, even completely air gapped devices can be sniffed (slowly) using FM waves generated by a video display unit. Check out this video from last year:
Three Tips to Keep You Safe
The daily challenge is to find a balance between security and paranoia. The best advice I can give is simply to apply common sense and always take care with obvious risks and vulnerabilities.
- Using wireless keyboards in your office? Make sure the encryption hasn't been broken and published as free code on Github, or better yet, switch to wired keyboards.
- Download a suspicious file but your antivirus says it's clean? Upload it to Metascan Online for a second opinion (40+ second opinions).
- Not sure everyone in your family or office has a proper password, lock screen, antivirus, or patched OS? Install OPSWAT Gears and monitor the security and infection state of up to 25 devices for free.
The alternative approach, as hilariously depicted on slide 34 of this presentation about sniffing with lasers (sans sharks), leaves a lot to be desired:
Image Source: Inverse Path
