Researchers hack and crack Microsoft wireless keyboards

A radio receiver and a copper-wire antenna all that is needed to hack wireless signals between keyboards and computers from as far away as 33 feet

Weak encryption used by Microsoft's wireless keyboards can be cracked in a matter of moments, a pair of Swiss security researchers said this week, giving hackers a way to snatch passwords and financial account information in real-time and from a distance.

Max Moser and Philipp Schrodel, of the Swiss security company Dreamlab Technologies, cracked the one-byte encryption key used by Microsoft's Optical Desktop 1000 and 2000 keyboards, Moser said, then eavesdropped on keystroke traffic using an inexpensive radio receiver and a few inches of copper wire. "All we need is about 30 characters," Moser said, referring to the number of keystrokes necessary for analysis, "and we can decipher the text."

Armed with a radio receiver that costs less than US$80 and a copper-wire antenna, Moser and Schrodel were able to sniff out and pull in wireless signals between keyboards and computers from as far away as 33 feet. Walls and windows were no obstacle. "You could sit in a car across the street from an office," said Moser, "and point the antenna at a building on the other side of the street." With a longer antenna -- perhaps hidden inside a larger vehicle, such as a truck -- the range could be boosted to more than 130 feet.

Once the data packets transmitted from keyboard to computer have been pinched, it's a simple job to crack the code. Microsoft's wireless keyboards use a one-byte encryption key that provides only 256 possible key values for each keyboard and its associated receiver, the part that plugs into the PC. "We try every one of those for each keystroke, and then compare them to wordlist in combination with a weighted algorithm," said Moser. "It only takes about 30 keystrokes to recover the encryption key."

From there, anything typed on the hacked keyboard shows up in a separate window in the sniffer/decoder software the two researchers crafted. They were even able to grab keystrokes from multiple keyboards simultaneously, with each keyboard's results appearing in a separate window.

While Moser and Schrodel haven't wrapped up research on other wireless keyboards, they're in the middle of picking apart models from Logitech. Moser also suspects that it will be possible to hack other brands, since they all rely on the same 27MHz frequency to communicate.

Because it's impossible to update a wireless keyboard's firmware, and thus patch the encryption weakness, Moser said he and his colleague don't intend to release a proof-of-concept. They have, however, contacted Microsoft and received confirmation from that the problem exists.

If the idea that a hacker can pull passwords out of thin air is worrying, Moser has something "even more evil," as he put it, in the wings.

"Right now we can read the keystrokes, but we are currently working on also injecting data. We should be able to inject to the keyboard what we want to type on the computer," said Moser. "That is even more evil."

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?