Advertisement

Beware: Some wireless keyboards can be hacked

 
Published July 30, 2016

Every keystroke you make on some wireless keyboards can be spied on by hackers lurking nearby, according to research by the cybersecurity firm Bastille. The "vast majority" of low-cost models are vulnerable to an attack researchers have dubbed "KeySniffer."

When we purchase a wireless keyboard, we reasonably expect that the manufacturer has designed and built security into the core of the product," said Marc Newlin, the Bastille researcher who discovered the vulnerability. "Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers were susceptible to the KeySniffer hack."

The attack allows hackers up to 250 feet away to eavesdrop on people as they type — potentially sucking up credit card numbers, passwords and other personal information, researchers said. The heart of the problem is that connections between computers and the identified keyboards don't use encryption, unlike more costly models, and are left vulnerable to a hacker with equipment costing less than $100.

The issue does not affect Bluetooth keyboards because they are subject to industry standards that require stronger security measures, according to Bastille. However, the company said some keyboards from major manufacturers, including HP and Toshiba, that rely on radio signals are vulnerable. In HP's case, Bastille found that its HP Wireless Classic Desktop keyboard was vulnerable, while Toshiba's PA3871U-1ETB wireless keyboard was also affected. HP and Toshiba did not respond to a request for comment.

Kensington, maker of another vulnerable keyboard called the Kensington ProFit Wireless Keyboard, released a statement saying it has taken "all necessary measures to close any security gaps and ensure the privacy of users" and has released a firmware update for the device that includes encryption.

Bastille recommends replacing the keyboards with Bluetooth or wired models.