Software giant Microsoft still has to act regarding the potential dangers of insufficient wireless keyboard security. Microsoft, which produces millions of keyboards and input devices each year, has yet to acknowledge the threat which was originally discovered over two years ago.

The vulnerability is essentially a man-in-the middle attack, which uses a hidden receiver to secretly record keystrokes on the 27MHz wireless frequency. With little more than a PCB and software, it can decrypt keystrokes in real time.

This attack intercepts wireless transmissions from Microsoft keyboards which use a redundant XOR 8-bit encryption algorithm.  This encryption algorithm has been vulnerable to cryptographic attack for some time, and an 8-bit key is insufficient to protect data.

The hardware used to carry out this attack was essentially a Texas instruments wireless receiver, controlled by an 8-bit controller. The price of purchasing such equipment is minimal, and the software required is freely available online.

Because of this, it is possible to construct a PCB type interface to remotely intercept and decrypt keyboard traffic for just a few dollars. Potential attackers need only walk past an affected keyboard to execute this attack. With increased adoption rates of wireless peripherals, more people are at risk than ever before.

Security is as strong as its weakest link. As a result of Microsoft’s use of light-weight cryptography in protecting key strokes, there are potentially millions of keyboards at risk. The only solution for industries that depend on wireless technology is to move towards more advanced Bluetooth technology, in order to minimize the risks of cryptographic attack.

However, more advanced side-channel attacks will still be a possibility for attackers, as even wired keyboards are vulnerable to techniques that exploit electromagnetic emissions.

Numerous examples of malicious software have been found on hundreds of ATM machines running Microsoft Windows.  This ‘software’ is apparently able to record card numbers and details that are contained in the magnetic strip on the back of cards.

Up until now, this exploit has only been found on ATM machines located in Eastern Europe, but it looks to be that the software is highly advanced, and before long it may make its way to the west.

This highly advanced exploit not only records card details, but it also gives full access to the ATM machine functions.  From printing money to rebooting the machine, criminals need only insert a special ‘card’ which allows them to literally do anything they want.

It would seem that the evolution of the ATM machine has ensured that it is now vulnerable to attack because of the developers desires for it to remain ‘user-friendly’.  But has user friendly gone one step too far in this case?  The vulnerable ATM machines all run a standard version of Windows XP which obviously, has major vulnerabilities.

It would seem that simply securing parts of a computer inside a steel cage is no longer enough to deter these attackers and they have found a way to load their sinister software without banks actually knowing.

Looking at this, one can only make the realistic conclusion that ATM machines are no longer simply ‘thin clients’.  It is ironic to see that banks are putting their trust in operating systems such as Windows XP straight out of the box.

Evidence supporting the security limitations of Windows XP has existed since before 2003.  Even the NSA admits that standard editions of XP are flawed and vulnerable.  As a result, USAF actually petitioned Microsoft for a locked-down and secure version of the operating system.  Why didn’t banks think of that?

Security experts from remote-expoit.org have recently released an open-source wireless keyboard sniffer known as Keyleriki.  This application is reportedly capable of intercepting and decoding keystrokes from Microsoft based wireless keyboards. The security group known as has finally released this software to the general public in the hopes of making manufacturers and the general public aware of this serious security concern.

The increased prevalence of wireless technology in business environments has lead to significant research by cyber criminals into ways to exploit our new found dependence on such equipment.  This is just one example of countless many exploits that are currently ‘in the wild’.  But this, is perhaps one of the more severe examples as there is no way to encrypt keystrokes other than relying on the obviously poor XOR protocols that are so weak they can be decrypted on the fly.

Whilst critics argue that the range of these attacks is minimal, they have been launched from as far away as 30 feet. What is the risk of an intruder talking their way into your office? Recent studies have shown that a great many corporations are still vulnerable to social engineering attacks.  With potentially no way to secure these keystrokes, corporations really do need to consider their security policies in the wireless age, but how do you ensure your policies are adequate to protect against this sort of attack?  Think about wired alternatives until a safe wireless solution comes along.

In conclusion, attacks like this are remarkably easy to avoid by simply having rugged staff training and regular hardware auditing.  Encryption, firewalls and anti-virus only go so far.  These days multi-layer security policies are essential in ensuring both data and now, even keystrokes are safe.