News, Technology

KeySniffer, a new keyboard vulnerability, is exposing millions of people to hackers

Written by Maryam Dodhy ·  57 sec read >

A newly discovered vulnerability in wireless, radio-based keyboards could be exposing users to hackers. This vulnerability, being called KeySniffer, allows hackers to take over your keyboard and record whatever you’re writing. And millions of users worldwide are being exposed.

The keyboards that are reportedly being affected have been manufactured by popular makers like HP, Toshiba, General Electric (GE), Kensington, Insignia, EagleTec, Anker, and Radio Shack. All these makers are using transceiver chips in their keyboards which are less secure and don’t get the frequent Bluetooth security updates.

According to security researchers at Bastille, KeySniffer is affecting wireless keyboards that use a radio-based communication protocol that is less safe than a Bluetooth connection. After reverse engineering their physical layer packets, it was found that the information being transmitted via these keyboards is not encrypted.

This vulnerability means that a hacker could invest a few bucks in a radio dongle, plug it into their laptop and sit comfortably 250 feet away from you and start intercepting the communication between your affected keyboard and your PC. Last year a similar vulnerability called KeySweeper affected millions of people using non-Bluetooth keyboards.

Bastille researchers have stated that the aforementioned manufacturers are the only ones they have tested out so far. There may be others who are affected by the same vulnerability. If you happen to use a wireless, radio-based keyboard now might be a good time to make the switch to a secure Bluetooth keyboard. We would also advise you not to invest your money in cheaper brands for the sake of your own security.

You can find the complete list of affected keyboard models here.

Written by Maryam Dodhy
I love bringing to light stories of extraordinary people working in Pakistan's tech and startup industry. You can reach out to me through maryamdodhy@techjuice.pk. Profile