May 24th, 2013

We know what you typed last summer

An interesting advisory comes from guys at remote-exploit and dreamlab technologies dealing with (in)security of common non-bluetooth wireless keyboards sold by Microsoft (Wireless Optical Desktop 1000 and 2000). According to the white paper released on the subject (available here) only the actual key pressed is transmitted in encrypted form, all other communication such as keyboard identification, metakeys (Shift, Alt, etc.), and other data are all transmitted in clear text. Furthermore, the encryption scheme used for keystroke data consists of “a simple XOR mechanism with a single byte of random data generated during the association procedure”. What this means is that not only can you quickly brute force entire key space (256 combinations), but you can actually obtain the encryption key by intercepting the initial association of keyboard and receiver (as was demonstrated in this video ). Authors did not release the PoC tool to the public citing an ongoing research (meaning more goodies coming soon ;) . As such we can only applaud at this effort and look forward to seeing this tool in the upcoming Backtrack 3.

Microsoft Optical Desktop 1000

14 Responses to 'We know what you typed last summer'

  1. 1RobotSkirts » Blog Archive » We know what you typed last summer
    December 2nd, 2007 at 12:51 pm

    [...] We know what you typed last summer XOR’d against a single “random” byte for encryption?! Hahaha, that’s awesome. [...]


  2. 2cmdjunkie
    December 3rd, 2007 at 9:28 am

    Thats interesting, and sounds like it could be easily pulled off as well.


  3. 3IppatsuBlog » Crackare le tastiere wireless
    December 3rd, 2007 at 6:28 pm

    [...] [via midnightresearch] [...]


  4. 4IFZen
    December 4th, 2007 at 1:24 am

    So a simple statistical analyze should do it, counting the e’s.


  5. 5sk
    December 4th, 2007 at 12:34 pm

    Wow…. just wow… it’s almost like they’re not trying any more.


  6. 6Play Computer Games
    January 11th, 2008 at 5:41 pm

    Very nice ! I have to be careful using this kind of keyboard(s). Even worse to know that they have been sold by Microsoft.


  7. 7domeinregistratie
    January 11th, 2008 at 5:44 pm

    An interesting post with a nice title… Will consider this on my plan to buy a wireless keyboard.


  8. 8Midnight Research Labs – Keyboard Sniffing
    June 17th, 2009 at 7:59 am

    [...] talked about this before, and since it’s a pretty interesting project I thought it would be good to follow up on. The [...]


  9. 9how to unlock android phone
    July 31st, 2012 at 2:24 am

    Excellent weblog right here! Additionally your site quite a bit up fast!

    What host are you the usage of? Can I get your associate hyperlink
    for your host? I wish my web site loaded up as fast
    as yours lol


  10. 10five stars
    September 19th, 2012 at 8:39 am

    Very nice post. I just stumbled upon your
    weblog and wanted to say that I’ve truly enjoyed browsing your blog posts. After all I will be subscribing to your rss feed and I hope you write again very soon!


  11. 11http://www.youtube.com/watch?v=VEqTimv8Ago
    December 26th, 2012 at 2:11 am

    you’re really a good webmaster. The website loading speed is incredible. It seems that you’re doing any unique trick. Furthermore, The contents are masterwork. you have done a wonderful job on this topic!


  12. 12Leroy
    April 9th, 2013 at 12:03 am

    Superb information, but I’ve got a quick question… who made your theme? Did you build it yourself or is this a high grade theme? If it’s totally
    free, I would love to get it, it’s exactly the sort of template I need for my upcoming blog.


  13. 13Gerry Mazur
    April 9th, 2013 at 9:17 pm

    Hiya, I’m really glad I’ve found this info. Nowadays bloggers publish only about gossips and internet and this is actually annoying. A good site with exciting content, that is what I need. Thank you for keeping this web site, I will be visiting it. Do you do newsletters? Cant find it.


  14. 14Clifford Yacono
    April 9th, 2013 at 9:23 pm

    Hello there, I discovered your web site via Google at the same time as searching for a related subject, your site came up, it looks good. I’ve bookmarked it in my google bookmarks.


Leave a Response

Imhotep theme designed by Chris Lin. Proudly powered by Wordpress.
XHTML | CSS | RSS | Comments RSS