A cyber security firm has issued a warning that hackers with just a basic level of skill and cheap equipment could intercept data typed on most wireless keyboards, including passwords.
Bastille Network say that wireless keyboards from any of HP, Toshiba, Radio Shack, Kensington, Insignia, EagleTec, General Electric and Anker have the same security issue, with many others also likely to have it too.
Millions of wireless keyboards in use around the world will have been made by one of these eight major companies, and they each have the same flaw in security. Hackers can take advantage of the flaw by purchasing equipment for less than £80, and intercepting the signals between the keyboard and the USB receiver plugged into the computer.
Known as KeySniffer, the cyber attack could let hackers within 100m ‘eavesdrop’ on every letter typed out on the keyboard, due to the radio signals that are transmitted from keyboard to computer being unencrypted. It is also possible for the hacker to remotely type onto the computer using the wireless keyboard, clearly putting the user at risk.
Ivan O’Sullivan, chief research officer at Bastille Network, said: “We went into a bunch of big box stores and purchased wireless keyboards.
“We were shocked to find that two-thirds transmitted all of their data in clear text, no encryption. We did not expect to see this. We didn’t think it would be in clear text. Hackers can intercept all the keystrokes from your keyboard up to 250 feet away. Through glass, walls, floors.”
Unfortunately, there is no easy fix to the problem. People cannot just download an update for the wireless keyboard’s firmware. Anyone potentially affected is being advised to use a Bluetooth keyboard instead, or “just get a wired keyboard”.
If you are determined to use a wireless keyboard, or other input device, then at least ensure that it comes with security features to protect your personal data from being intercepted by cyber criminals.