This Just In! - News, X-Pert Advice

Wireless Keyboards Leak Passwords

Biz X Magazine X-Pert Advice, Culture Eats Strategy, Startup Failure, Motivation, bloatware, TeslaCrypt, Increase productivity, wireless keyboards, login page vulnerability, Denial of Service, Computer Security - Makeover for the Holidays, PHPMailer Critical Vulnerability Discovered Today, Windows 10 Upgrade, Computer Security

Wireless keyboards are convenient when you want to eliminate that pesky wire or if your computer is set up in a location that is not easy to access.

But be aware – wireless keyboards could be broadcasting your passwords and other sensitive information.

There are generally two types of wireless keyboards:  those that come with their own “dongle” – the small receiver that needs to be plugged into your computer, and those that use Bluetooth technology to communicate with bluetooth-enabled computing devices.

Vulnerabilities with “dongle” based keyboards

While some brands have proper encryption security built-in to the wireless communication between the keyboard and the receiver, many do not.  If you happen to be using one of these less expensive models, everything you type – including passwords, credit card numbers, PIN codes and answers to security questions – can be pulled from the air by anyone in your general vicinity with bad intentions and the right tools.

Note that the list of affected keyboards above is not extensive or complete.  Also, be aware that even more secure wireless keyboards are vulnerable – albeit to attacks that are more sophisticated.

Vulnerabilities with Bluetooth keyboards

The specific type of vulnerability above is typically not an issue with Bluetooth keyboards, because Bluetooth devices must be paired (a process that requires your permission and participation).  Unfortunately, if all your “digital stalker” wants to do is listen in on an ongoing “conversations”, pairing is not required.  What is required is knowledge of the encryption mechanism being used between the targeted devices (in this case, the bluetooth keyboard and the victim’s computer; or the victim’s phone and bluetooth earpiece).  If you think of a bluetooth pairing code as if it was a “short password”, you will realize that a portable computer set up to quickly try millions of password combinations won’t have much trouble finding the right one – and from there, it’s just a matter of listening in.

Recommendations

If your typical communications are of a nature that would invite hacking attempts by commercial competitors, paparazzi, etc. – don’t use wireless keyboards.  Otherwise, stay away from the vulnerable wireless keyboards in the first part of this article.  Although bluetooth keyboards are less vulnerable, be aware that the potential exists for communications to be intercepted and assess the risks accordingly.