wireless keyboard security

George Toft george at georgetoft.com
Fri Nov 8 07:43:26 MST 2013 

Hi Derrick,

Topic keeping you up at night?  J/K

The answer, of course, is "it depends."  The older the keyboard, the 
weaker (or not at all) the encryption.  Microsoft now has AES encryption 
available 
(http://news.techworld.com/security/3284218/new-microsoft-wireless-keyboard-gets-128-bit-encryption/). 
Logitech had AES since at least 2009.  Google: wireless keyboard encryption

Also keep in mind some factors that mitigate wireless snooping risks:
* transmission power - not much you can do here, but the broadcast power 
is not that high - how far away does your keyboard work from the 
receiver?  In my experience, this is limited to about 3 feet (usually 
less - a lot less).
* distance to attacker's receiver - is the attacker in the same room or 
in a van with a high-gain antenna parked on the street? If you have a 
van parked outside, you might want to reconsider your lifestyle :)  
Seriously, this year's defcon demonstrated screen viewing by receiving 
the EM transmissions from the video cable (something the US and USSR 
were doing 25 years ago), so wired keyboard tapping is not too far away.
* shielding - do you have objects between you and the attacker that will 
absorb the transmissions?  With a wired keyboard, you can wrap the cable 
in a grounded coax sheath to shield the EM. Wireless?  Might have to 
wrap your room/house in a Faraday cage.
* time - how much is your keyboard in use?  More use gives the attacker 
more data to capture and analyze.

Just some stuff to think about.  The threat is real, but the probability 
is very low, unless you have other factors in your life that would bring 
about the surveillance van, then the game is up - nothing you can do 
will save you.

Cheers!

George Toft

On 11/8/2013 1:16 AM, Derek Trotter wrote:
> What kind of encryption if any is used by wireless keyboards?  Seems 
> to me that a wireless keyboard is a potential security issue.  After 
> all, all sorts of usernames and passwords would be broadcast by one.  
> This would just make the NSA's or any other group of bad guys' job easier.
> -- 
> "I get my copy of the daily paper, look at the obituaries page, and if I'm not there, I carry on as usual."
>
> Patrick Moore
>
>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.phxlinux.org
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.phxlinux.org/mailman/listinfo/plug-discuss

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.phxlinux.org/pipermail/plug-discuss/attachments/20131108/ae0942d1/attachment.html>

More information about the PLUG-discuss mailing list