We all know about hackers stealing data from wireless networks by breaking their encryption, but has the security of your wireless keyboard ever concerned you? If you think about it your keyboard sends anything you type (websites, passwords, instant messenger conversations, etc…) to your computer. What’s stopping hackers from tapping into your keyboard’s wireless stream and gathering data that could potentially compromise your security?
As expected wireless keyboard vendors like Microsoft and Logitech provide encryption techniques to prevent this kind of stuff from happening. One group of researchers, however, were able to crack Microsoft’s wireless security scheme (PDF report) and intercept any of the text that was being sent. According them even very slow computers would be able to brute force the encryption key because of how insecure it is:
To our surprise, only the actual keystroke data seems to be encrypted. The Metaflags and identifier bits aren’t encrypted or obfuscated. The one byte USB Hid code is encrypted using a simple XOR mechanism with a single byte of random data generated during the association procedure.
This means that there are only 256 different key values possible per keyboard and receiver pair. We did not notice any automated key change interval and therefore assume that the encryption key stays the same until the user reassociates the keyboard. 256 key combination can be brute forced even with very slow computers today.
Using simple wordlist checking in combination with a weightening algorythm, every data in range can be decrypted within only a few keystrokes.
They tested this technique on the Microsoft Wireless Optical Desktop 1000 and 2000 keyboards, but they assume that other Microsoft wireless keyboards would produce the same results. As for Logitech they say that they have “additional software that seems to add another layer of encrpytion on top of the communication channel.”
For the sake of security the researches are withholding how to do this yourself, but they have submitted the information to Microsoft in hopes of seeing a patch soon. Good thing I’m still using an old fashioned wired keyboard. ;)