


Security Basics: Re: Wireless Keyboard Security

Re: Wireless Keyboard Security

From: Alvin Oga <alvin.sec_at_Virtual.Linux-Sec.net>
Date: Tue, 22 Mar 2005 21:25:40 -0800

hi ya jared

On Tue, Mar 22, 2005 at 04:13:16PM -0700, Badger, Jared wrote:
>
> My job involves reviewing computer security at a bank, and I was very
> surprised to see that nearly all of the computers at one of my branches are
> using these wireless mouse/keyboard combos. It seems like this could be a
> potentially serious security risk,

yup .. big problem

> 1. How possible/easy/difficult is it to eavesdrop and capture keystrokes
> from a wireless keyboard using passive means only? What equipment/expertise
> does this require? (I am thinking it would probably take at least a spectrum
> analyzer, receiver, a laptop, and some custom software) What about taking
> the keyboard apart and reverse engineering it?

if it is using wep... you're dead ..

if it is using plain ole infrared to transmit over IR ( infrared, red light ),
you're probably dead, since the keystrokes are probably not encrypted
while in transit

you just need a pda with a line of sight to the target pc
        - or laser from outside the building .. laser will pick up the
        1's and 0'z of the infrared transmissions between kb and pc

> 2. How easy/difficult would it be to take control of a computer without
> having physical access to the keyboard at the console? What

should be easy if one had a line of sight to the keyboard/mouse

> equipment/expertise would this require? (Probably at least the same as
> above, plus a transmitter)

you, as the eavesdropper, only want to receive... and not transmit

> There are many docs, including photos and lab tests, on the associated
> pages. For example, FCC docs show that this particular keyboard transmits on
> a frequency of 27.095 - 27.195 MHz. From the internal photos, it doesn't
> seem there are enough electronics to perform advanced encryption.

bingo ... you're dead

> Certainly somebody knows how to do this. Has anybody tried? Been successful?

it'd be a fun ( easy ) audit/pen-test to perform .. just takes time
to get the customized laser or pda with "sniffing(recording) tools"

========

all wireless transmissions should be considered sniffed/sniffable
and therefore, you should encrypt everything transmitted wirelessly
and for that matter, over wired communications too, everything is
transmitted encrypted or consider it open for anybody to see

c ya
alvin
Received on Mar 23 2005
