Researchers hack and crack Microsoft wireless keyboards

A radio receiver and a copper-wire antenna all that is needed to hack wireless signals between keyboards and computers from as far away as 33 feet

Weak encryption used by Microsoft's wireless keyboards can be cracked in a matter of moments, a pair of Swiss security researchers said this week, giving hackers a way to snatch passwords and financial account information in real-time and from a distance.

Max Moser and Philipp Schrodel, of the Swiss security company Dreamlab Technologies, cracked the one-byte encryption key used by Microsoft's Optical Desktop 1000 and 2000 keyboards, Moser said, then eavesdropped on keystroke traffic using an inexpensive radio receiver and a few inches of copper wire. "All we need is about 30 characters," Moser said, referring to the number of keystrokes necessary for analysis, "and we can decipher the text."

Armed with a radio receiver that costs less than US$80 and a copper-wire antenna, Moser and Schrodel were able to sniff out and pull in wireless signals between keyboards and computers from as far away as 33 feet. Walls and windows were no obstacle. "You could sit in a car across the street from an office," said Moser, "and point the antenna at a building on the other side of the street." With a longer antenna -- perhaps hidden inside a larger vehicle, such as a truck -- the range could be boosted to more than 130 feet.

Once the data packets transmitted from keyboard to computer have been pinched, it's a simple job to crack the code. Microsoft's wireless keyboards use a one-byte encryption key that provides only 256 possible key values for each keyboard and its associated receiver, the part that plugs into the PC. "We try every one of those for each keystroke, and then compare them to wordlist in combination with a weighted algorithm," said Moser. "It only takes about 30 keystrokes to recover the encryption key."

From there, anything typed on the hacked keyboard shows up in a separate window in the sniffer/decoder software the two researchers crafted. They were even able to grab keystrokes from multiple keyboards simultaneously, with each keyboard's results appearing in a separate window.

While Moser and Schrodel haven't wrapped up research on other wireless keyboards, they're in the middle of picking apart models from Logitech. Moser also suspects that it will be possible to hack other brands, since they all rely on the same 27MHz frequency to communicate.

Because it's impossible to update a wireless keyboard's firmware, and thus patch the encryption weakness, Moser said he and his colleague don't intend to release a proof-of-concept. They have, however, contacted Microsoft and received confirmation from that the problem exists.

If the idea that a hacker can pull passwords out of thin air is worrying, Moser has something "even more evil," as he put it, in the wings.

"Right now we can read the keystrokes, but we are currently working on also injecting data. We should be able to inject to the keyboard what we want to type on the computer," said Moser. "That is even more evil."

Join the Good Gear Guide newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?