According to security researchers at Bastille, the so-called KeySniffer vulnerability affects wireless keyboards that use a less secure, radio-based communication protocol rather than a Bluetooth connection. The affected keyboards come from eight different hardware makers and use transceiver chips or non-Bluetooth chips. These chips are cheaper than Bluetooth chips, but they also don’t receive Bluetooth’s frequent security updates. That’s a problem.
After researcher Marc Newlin reverse engineered these keyboards’ physical layer packets, he saw that the information being transmitted was unencrypted. This means someone within a several hundred yard radius with a $30 to $40 radio dongle (which you can buy on Amazon) could secretly see everything you type, including passwords, credit card numbers, and weird porn search terms.
Although KeySniffer isn’t the first wireless vulnerability ever discovered, it’s certainly one of the biggest. Previous vulnerabilities include weak encryption issues with a keyboard made specifically by Microsoft. These affected keyboards, many of them low-cost wireless keyboards, are in use in millions of private homes, businesses, and government facilities. Here’s how a similar vulnerability called KeySweeper works. It’s terrifying:
Bastille says it hoped that hacks like last year’s KeySweeper would have been a “wake up call” regarding non-Bluetooth keyboards. Clearly, that’s not the case. Here are the eight manufacturers that KeySniffer is known to affect:
Bastille, which also uncovered a frightening peripheral hack this past February, built a dedicated website for the new KeySweeper threat. There you can find out if this set of vulnerabilities affects the exact make and model of your keyboard.
Unfortunately, there is no way to retroactively add security features to these keyboards, so you’ll just have to swap yours out for a more secure one. You might want to try one with a wire, or at the very least, Bluetooth.