Software giant Microsoft still has to act regarding the potential dangers of insufficient wireless keyboard security. Microsoft, which produces millions of keyboards and input devices each year, has yet to acknowledge the threat which was originally discovered over two years ago.

The vulnerability is essentially a man-in-the middle attack, which uses a hidden receiver to secretly record keystrokes on the 27MHz wireless frequency. With little more than a PCB and software, it can decrypt keystrokes in real time.

This attack intercepts wireless transmissions from Microsoft keyboards which use a redundant XOR 8-bit encryption algorithm.  This encryption algorithm has been vulnerable to cryptographic attack for some time, and an 8-bit key is insufficient to protect data.

The hardware used to carry out this attack was essentially a Texas instruments wireless receiver, controlled by an 8-bit controller. The price of purchasing such equipment is minimal, and the software required is freely available online.

Because of this, it is possible to construct a PCB type interface to remotely intercept and decrypt keyboard traffic for just a few dollars. Potential attackers need only walk past an affected keyboard to execute this attack. With increased adoption rates of wireless peripherals, more people are at risk than ever before.

Security is as strong as its weakest link. As a result of Microsoft’s use of light-weight cryptography in protecting key strokes, there are potentially millions of keyboards at risk. The only solution for industries that depend on wireless technology is to move towards more advanced Bluetooth technology, in order to minimize the risks of cryptographic attack.

However, more advanced side-channel attacks will still be a possibility for attackers, as even wired keyboards are vulnerable to techniques that exploit electromagnetic emissions.

Security experts from remote-expoit.org have recently released an open-source wireless keyboard sniffer known as Keyleriki.  This application is reportedly capable of intercepting and decoding keystrokes from Microsoft based wireless keyboards. The security group known as has finally released this software to the general public in the hopes of making manufacturers and the general public aware of this serious security concern.

The increased prevalence of wireless technology in business environments has lead to significant research by cyber criminals into ways to exploit our new found dependence on such equipment.  This is just one example of countless many exploits that are currently ‘in the wild’.  But this, is perhaps one of the more severe examples as there is no way to encrypt keystrokes other than relying on the obviously poor XOR protocols that are so weak they can be decrypted on the fly.

Whilst critics argue that the range of these attacks is minimal, they have been launched from as far away as 30 feet. What is the risk of an intruder talking their way into your office? Recent studies have shown that a great many corporations are still vulnerable to social engineering attacks.  With potentially no way to secure these keystrokes, corporations really do need to consider their security policies in the wireless age, but how do you ensure your policies are adequate to protect against this sort of attack?  Think about wired alternatives until a safe wireless solution comes along.

In conclusion, attacks like this are remarkably easy to avoid by simply having rugged staff training and regular hardware auditing.  Encryption, firewalls and anti-virus only go so far.  These days multi-layer security policies are essential in ensuring both data and now, even keystrokes are safe.