Saturday, December 8, 2007

I Know What You've Typed Last Summer

A keylogger is a tool used by hackers to record any keystroke on your keyboard into a log file. That file is then sent to the hacker's computer, masked between normal packets.
After analysis, the hacker can glean user names, passwords, credit card numbers and other personal information. And if he doesn't intend to do anything with this info personally - he can always sell it (believe it or not, there's an eBay-like site for hacked information).

"Bah!" I hear you say. "In order for a keylogger to operate on my machine, a trojan or some other spyware has to install it. And I have my anti-virus up to date, my anti-spyware software constantly scanning, and I stopped clicking attachments from people I don't know a while ago, after that incident. I'm safe!"

To that I say "OH REALLY?!". What's that nifty keyboard you're using? A wireless keyboard from Microsoft? With a 100-foot range? Good for you! And for any hacker within 100 feet of you.

A couple of German hackers just published the results of their research (PDF file), aptly named "We know what you've typed last summer", about hacking wireless keyboards remotely. While they don't give a step-by-step (for obvious reasons), the bottom line is: if you're using a wireless keyboard, a hacker need not install anything on your machine to get your keystrokes.

Their research shows that the data packets sent from the keyboard to the computer are "encrypted", and I use that term loosely: they found out the encryption is actually achieved by XORing the value, meaning there are just 256 possible encryption keys. This means even your calculator has enough CPU power to brute-force its way through the encryption, let alone a modern computer. The control packets (the ones in charge of syncing the keyboard to its receiver and relaying other information), on the other hand, are not encrypted at all, yielding a wealth of information that assists in the hacking.
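To show why a one-byte XOR key offers no confidentiality, here is an added example (not code from the research or from this post) that counts how many of the 256 keys remain possible as more ciphertext is seen. The key, the sample text and the assumption that the plaintext is lowercase text with spaces are all constructed for illustration; this is not the keyboards' packet format.

```python
import string

# Assumption for this example: the plaintext is lowercase text with spaces.
# This is a constructed stand-in, not the keyboards' real packet format.
PLAUSIBLE = frozenset((string.ascii_lowercase + " ").encode("ascii"))

SECRET_KEY = 0x5A  # constructed one-byte key
SAMPLE_PLAINTEXT = b"the quick brown fox jumps over the lazy dog"  # constructed


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key (encrypt == decrypt)."""
    return bytes(b ^ key for b in data)


def surviving_keys(ciphertext: bytes) -> list[int]:
    """Try all 256 keys; keep those whose output is entirely plausible text."""
    return [
        key for key in range(256)
        if all(b in PLAUSIBLE for b in xor_bytes(ciphertext, key))
    ]


def keys_left_by_length(ciphertext: bytes) -> list[int]:
    """Number of candidate keys still possible after 1, 2, ... n bytes."""
    return [len(surviving_keys(ciphertext[:n]))
            for n in range(1, len(ciphertext) + 1)]


if __name__ == "__main__":
    ciphertext = xor_bytes(SAMPLE_PLAINTEXT, SECRET_KEY)
    for n, left in enumerate(keys_left_by_length(ciphertext)[:8], start=1):
        print(f"{n:2d} bytes observed -> {left:3d} of 256 keys remain")
    (key,) = surviving_keys(ciphertext)
    print(f"recovered key 0x{key:02x}: {xor_bytes(ciphertext, key).decode()}")
```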

Currently they claim that by the time you've typed 20-50 keys, they "have you". They even posted a Flash video on their site, showing 3 keyboards hacked at the same time. Scary stuff.

So far, they've hacked Microsoft and Logitech keyboards (keyboards operating in the 27 MHz range) and are looking forward to testing the next generation of Logitech keyboards that support "Secure Connect", an advanced encryption. My assumption is they'll break those as well.

To date, there's NO WAY to patch a wireless keyboard - the "encryption" is burned into the keyboard's ROM. For me, it's back to the good ol' USB keyboard.
