Flaw in KeySniffer Enables Attackers and Inject Keystrokes on Wireless Keyboards

Security firm Bastille, discovered a vulnerability which was nicknamed as KeySniffer, affects the wireless keyboards of vendors like Eagle Tec, Anker, Hewlett-Packard, General Electric, Toshiba, Radio Shack, Insignia and Kensington.

From miles away, a hacker could be able to secretly and passively record everything that you type on the wireless keyboard with a wireless dongle and an antenna worth some bucks, and some lines of the Python code. Your manuscripts, credit card data, usernames, passwords, or balance sheet of company - whatever you are working during that time.

Bastille informed all the affected vendors, however nobody has issued the official response before publication of its findings. The company further added that only few products are tested by them from aforementioned vendors, and it is possible that other wireless keyboards product series may be affected too.

Zdnet.com posted on July 26th, 2016, stating that it is set of vulnerabilities in common low-priced wireless keyboards which may allow the hacker to spy from a long distance.

The vulnerability of KeySniffer is MouseJack escalation, however rather than pairing the rogue device, the KeySniffer permits an attacker to sneak on data that is exchanged between wireless keyboard and the USB dongle of user.

KeySniffer cannot affect wireless mice, although attackers can inject the rogue keystrokes inside data stream that is established between dongle and its susceptible wireless keyboard.

Wireless device users are put at risk on earlier occasions also. The company that was behind the famous MouseJack flaw was Bastille. MouseJack flaw let the hacker's compromise computer of a person via wireless mouse. Even in 2010, it was identified that few keyboards having weak encryption can be hacked easily.

The attacker merely needs in particular a crafted device just like a modified antenna, which must be plugged in one of its USB ports. The whole device costs not more than $100. An attacker could be able to execute attacks of KeySniffer from miles away.

The attacks could be carried out in enterprise network, crowded mall or café. The attacker could log everything from details of credit card when users are making online payments, as well as passwords while they are logging in their online accounts.

» SPAMfighter News - 8/1/2016