Researchers hack and crack Microsoft wireless keyboards

A radio receiver and a copper-wire antenna all that is needed to hack wireless signals between keyboards and computers from as far away as 33 feet

Weak encryption used by Microsoft's wireless keyboards can be cracked in a matter of moments, a pair of Swiss security researchers said this week, giving hackers a way to snatch passwords and financial account information in real-time and from a distance.

Max Moser and Philipp Schrodel, of the Swiss security company Dreamlab Technologies, cracked the one-byte encryption key used by Microsoft's Optical Desktop 1000 and 2000 keyboards, Moser said, then eavesdropped on keystroke traffic using an inexpensive radio receiver and a few inches of copper wire. "All we need is about 30 characters," Moser said, referring to the number of keystrokes necessary for analysis, "and we can decipher the text."

Armed with a radio receiver that costs less than US$80 and a copper-wire antenna, Moser and Schrodel were able to sniff out and pull in wireless signals between keyboards and computers from as far away as 33 feet. Walls and windows were no obstacle. "You could sit in a car across the street from an office," said Moser, "and point the antenna at a building on the other side of the street." With a longer antenna -- perhaps hidden inside a larger vehicle, such as a truck -- the range could be boosted to more than 130 feet.

Once the data packets transmitted from keyboard to computer have been pinched, it's a simple job to crack the code. Microsoft's wireless keyboards use a one-byte encryption key that provides only 256 possible key values for each keyboard and its associated receiver, the part that plugs into the PC. "We try every one of those for each keystroke, and then compare them to wordlist in combination with a weighted algorithm," said Moser. "It only takes about 30 keystrokes to recover the encryption key."

From there, anything typed on the hacked keyboard shows up in a separate window in the sniffer/decoder software the two researchers crafted. They were even able to grab keystrokes from multiple keyboards simultaneously, with each keyboard's results appearing in a separate window.

While Moser and Schrodel haven't wrapped up research on other wireless keyboards, they're in the middle of picking apart models from Logitech. Moser also suspects that it will be possible to hack other brands, since they all rely on the same 27MHz frequency to communicate.

Because it's impossible to update a wireless keyboard's firmware, and thus patch the encryption weakness, Moser said he and his colleague don't intend to release a proof-of-concept. They have, however, contacted Microsoft and received confirmation from that the problem exists.

If the idea that a hacker can pull passwords out of thin air is worrying, Moser has something "even more evil," as he put it, in the wings.

"Right now we can read the keystrokes, but we are currently working on also injecting data. We should be able to inject to the keyboard what we want to type on the computer," said Moser. "That is even more evil."

Join the newsletter!

Or
Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Andrew Teoh

Brother MFC-L9570CDW Multifunction Printer

Touch screen visibility and operation was great and easy to navigate. Each menu and sub-menu was in an understandable order and category

Louise Coady

Brother MFC-L9570CDW Multifunction Printer

The printer was convenient, produced clear and vibrant images and was very easy to use

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?