Security Basics: RE: Wireless Keyboard Security

["Jeff Gercken" <JeffG () kizan com>]

I do not know enough to adequately speak of the subject so I won't.  I will, however, put forth the topic of Bluetooth 
enabled peripherals, which I believe, do incorporate reasonable encryption.  Thoughts?

-----Original Message-----
From: Pedro Venda [mailto:pjvenda () arrakis dhis org] 
Sent: Wednesday, March 23, 2005 1:16 PM
To: security-basics () securityfocus com
Cc: Alvin Oga; Badger, Jared
Subject: Re: Wireless Keyboard Security

On Wednesday 23 March 2005 05:25, Alvin Oga wrote:
> hi ya jared
>
> On Tue, Mar 22, 2005 at 04:13:16PM -0700, Badger, Jared wrote:
> > My job involves reviewing computer security at a bank, and I was very
> > surprised to see that nearly all of the computers at one of my branches
> > are using these wireless mouse/keyboard combos. It seems like this could
> > be a potentially serious security risk,
> yup .. big problem
I agree. This is a serious issue, and I don't think current hardware is 
encrypting data. hardware sniffers can now be wireless too :-)

The wireless peripherals are now hype (not in the sense that they won't be 
used further, but in the sense that everyone has one). with wireless 
ethernet, there were security concerns (not efficiently solved) from day 1, 
but most people overlook this issue on other peripherals, which I consider 
very serious.

It'd be expensive for manufacturers to start producing peripherals with decent 
encryption/decryption hardware, so I don't predict short/medium term changes. 
After all, mose people (even on banks !!!) don't see this issue, so why would 
the masses pay more for something not obviously necessary?

regards,
pedro venda.
-- 

Pedro João Lopes Venda
email: pjvenda < at > arrakis.dhis.org
http://arrakis.dhis.org