Security experts from remote-expoit.org have recently released an open-source wireless keyboard sniffer known as Keyleriki.  This application is reportedly capable of intercepting and decoding keystrokes from Microsoft based wireless keyboards. The security group known as has finally released this software to the general public in the hopes of making manufacturers and the general public aware of this serious security concern.

The increased prevalence of wireless technology in business environments has lead to significant research by cyber criminals into ways to exploit our new found dependence on such equipment.  This is just one example of countless many exploits that are currently ‘in the wild’.  But this, is perhaps one of the more severe examples as there is no way to encrypt keystrokes other than relying on the obviously poor XOR protocols that are so weak they can be decrypted on the fly.

Whilst critics argue that the range of these attacks is minimal, they have been launched from as far away as 30 feet. What is the risk of an intruder talking their way into your office? Recent studies have shown that a great many corporations are still vulnerable to social engineering attacks.  With potentially no way to secure these keystrokes, corporations really do need to consider their security policies in the wireless age, but how do you ensure your policies are adequate to protect against this sort of attack?  Think about wired alternatives until a safe wireless solution comes along.

In conclusion, attacks like this are remarkably easy to avoid by simply having rugged staff training and regular hardware auditing.  Encryption, firewalls and anti-virus only go so far.  These days multi-layer security policies are essential in ensuring both data and now, even keystrokes are safe.