Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Alarm sounded over wireless keyboard sniffer

'Cock-a-doodle-do', clucks Symantec.

Article comments

Security vendor Symantec is so concerned about the potential misuse of a new wireless keyboard sniffer it has put out a warning about the technology.

‘Keykeriki' - a play on words derived from the Italian onomatopoeia for the sound made by a cockerel -is the work of the Remote-Exploit.org , a semi-commercial group that has been working on the open source project for nearly two years.

The group claims the hardware and software combination can intercept the keystrokes from all Microsoft wireless keyboards using 27Mhz wireless radio transmission frequency by analysing electromagnetic patterns, and said it was working on doing the same for rival Logitech keyboards very soon.

What this means is that pressing keystrokes entered on a wireless keyboard could be ‘sniffed' from a distance up to around 10 metres, in theory giving criminals access to data such passwords and user names. Although the project has been in the open for some time, Symantec has only recently become concerned enough to now recommend that users in security-conscious environments return to using wired keyboards.

The apparently simple answer to the hack is encryption, but that ignores the fact that Bluetooth and radio-based keyboards already use encryption, albeit in a weak form - the sniffer is intercepting tiny electro-magnetic fluctuations as the keys are pressed, not as they are transmitted.

The principle has been understood for some time, as research released by a team at the Ecole Polytechnique Fédérale de Lausanne in Switzerland demonstrated last October.

The answer is either to introduce enough signal noise around the keyboard, use a wired keyboard (although this might also not be secure) or build in virtual keyboards for use when entering secure data. There is no sign that Windows 7 will come with such a utility, but perhaps it should.

The main component, the hardware, had yet to be finalised or put into a form that can be manufactured. The creators of Keykeriki say they will add an LCD to read keystrokes, a GPRS transmitter and even an iPhone ‘interface'.

What if the group's motivation for producing such a system? Officially, Remote-Exploit.org describes it in the following rather disingenuous terms on its website "This open source hardware and software project enables every person to verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose only)."

More likely, the group are demonstrating their security expertise as a way of getting other work. The chances of producing the required hardware in saleable form look (unpun), remote. Symantec's anti-malware software is not known to have any means to block or detect such sniffing, though it is possible that an electrical ‘anti-sniffer' could be developed to detect the Keykeriki interception.



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *