We know what you typed last summer
cybernmd posted in Uncategorized, exploits, hacking, hardware hacks on December 1st, 2007
An interesting advisory comes from the guys at remote-exploit and dreamlab technologies, dealing with the (in)security of common non-Bluetooth wireless keyboards sold by Microsoft (Wireless Optical Desktop 1000 and 2000). According to the white paper released on the subject (available here), only the actual key pressed is transmitted in encrypted form; all other communication, such as keyboard identification, metakeys (Shift, Alt, etc.) and other data, is transmitted in clear text. Furthermore, the encryption scheme used for keystroke data consists of “a simple XOR mechanism with a single byte of random data generated during the association procedure”. What this means is that not only can you quickly brute force the entire key space (256 combinations), but you can actually obtain the encryption key by intercepting the initial association of keyboard and receiver (as was demonstrated in this video). The authors did not release the PoC tool to the public, citing ongoing research (meaning more goodies coming soon ;). As such, we can only applaud this effort and look forward to seeing this tool in the upcoming Backtrack 3.
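To see why a single-byte XOR key gives no confidentiality, here is an added example (not code from the advisory, its authors or this post) that tries all 256 keys and keeps the candidate that looks most like English. ASCII text stands in for the keystroke data, which is an assumption since the post does not describe the actual frame format; the function names and the sample message are made up for illustration.

```python
import secrets

# Constructed sample: ASCII text standing in for keystroke data (assumption).
SAMPLE = b"meet me at the server room at ten and bring the root password"
COMMON = b"etaoinshrdlu "  # most frequent characters in English text


def xor_single_byte(data: bytes, key: int) -> bytes:
    """Encrypt or decrypt: XOR every byte with the same one-byte key."""
    return bytes(b ^ key for b in data)


def english_score(candidate: bytes) -> int:
    """Crude plausibility score: reward common letters, punish non-printables."""
    score = 0
    for b in candidate:
        if b < 0x20 or b > 0x7E:
            score -= 10                      # control/high bytes: not typed text
        elif bytes([b]).lower() in COMMON:
            score += 1
    return score


def recover_key(ciphertext: bytes) -> tuple[int, bytes]:
    """Exhaust the whole 256-value key space and return the best guess."""
    best_key = max(
        range(256),
        key=lambda k: english_score(xor_single_byte(ciphertext, k)),
    )
    return best_key, xor_single_byte(ciphertext, best_key)


if __name__ == "__main__":
    secret_key = secrets.randbelow(256)      # the "random byte" from association
    captured = xor_single_byte(SAMPLE, secret_key)
    key, plaintext = recover_key(captured)
    print(f"actual key 0x{secret_key:02x}, recovered 0x{key:02x}")
    print(plaintext.decode("ascii"))
```

The search finishes instantly for every possible key, which is why a fix has to replace the scheme with real authenticated encryption rather than just pick a "better" random byte.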




December 2nd, 2007 at 12:51 pm
[...] We know what you typed last summer XOR’d against a single “random” byte for encryption?! Hahaha, that’s awesome. [...]
December 3rd, 2007 at 9:28 am
That’s interesting, and sounds like it could be easily pulled off as well.
December 3rd, 2007 at 6:28 pm
[...] [via midnightresearch] [...]
December 4th, 2007 at 1:24 am
So a simple statistical analysis should do it, counting the e’s.
December 4th, 2007 at 12:34 pm
Wow…. just wow… it’s almost like they’re not trying any more.
January 11th, 2008 at 5:41 pm
Very nice! I have to be careful using this kind of keyboard(s). Even worse to know that they have been sold by Microsoft.
January 11th, 2008 at 5:44 pm
An interesting post with a nice title… Will consider this on my plan to buy a wireless keyboard.