{"id":197,"date":"2008-03-09T23:17:16","date_gmt":"2008-03-10T07:17:16","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/03\/09\/wireless-keyboards\/"},"modified":"2008-03-09T23:18:25","modified_gmt":"2008-03-10T07:18:25","slug":"wireless-keyboards","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/03\/09\/wireless-keyboards\/","title":{"rendered":"Wireless Keyboards"},"content":{"rendered":"<p>With everything going wireless now, many people are cutting the cord and getting wireless keyboards and mice. However, not many people stop and think what might happen if these wireless peripherals are compromised. If say someone could spoof the identity of your keyboard and mouse then they could potentially take control of your computer. However, the manufacturers anticipated that so some minimal amount of encryption is put in place. It was recently found <a href=\"http:\/\/arstechnica.com\/news.ars\/post\/20071204-wireless-keyboard-encryption-easily-broken-say-researchers.html\">here<\/a> that older Microsoft devices working on the 27Mhz band could be easily compromised. The encryption scheme used in these products XORs the keyboard status with a random byte, resulting in only 256 possible keys&#8230; It is easy to see that this could be exploited fairly easily.<\/p>\n<p>Newer products utilizing Bluetooth are more secure but still have vulnerabilities. The frequency hopping used in Bluetooth in conjunction with the packet encryption using the E0 stream cipher provide a sense of security. Attacking the PIN used in pairing has shown to be an effective way of compromising the encryption used in Bluetooth&#8230;<br \/>\n<!--more-->Assets:<br \/>\n* Data being entered into the keyboard<br \/>\n* Control of the computer<br \/>\n* Fast response time<\/p>\n<p>Adversaries:<br \/>\n* Identity thieves would love to get to all your passwords used online and credit card numbers entered while online shopping<br \/>\n* Friends, spouse, siblings would love to gain access to all of your private conversations\/correspondence<\/p>\n<p>Potential Weaknesses:<br \/>\n* Broadcast of signal to anyone in range<br \/>\n* Weak\/non-existent encryption<br \/>\n* Wireless connectivity can be easily interfered with<\/p>\n<p>Potential Defenses:<br \/>\n* Use stronger encryption scheme, but a balance must be maintained between usability, latency, and power constraints. Using a very strong cipher would definitely kill the batteries and slow down response time.<br \/>\n* Use lower transmit power to decrease the range of transmission.<\/p>\n<p>Conclusion:<br \/>\nIt&#8217;s clear that those older Microsoft keyboards the most secure, but compromises must be made between many factors in a wireless keyboard. Wireless technology is inherently less secure and has many vulnerabilities from the start. If you are terribly concerned with security use a wired keyboard<\/p>\n","protected":false},"excerpt":{"rendered":"<p>With everything going wireless now, many people are cutting the cord and getting wireless keyboards and mice. However, not many people stop and think what might happen if these wireless peripherals are compromised. If say someone could spoof the identity &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/03\/09\/wireless-keyboards\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":50,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[132,133,14],"class_list":["post-197","post","type-post","status-publish","format-standard","hentry","category-security-reviews","tag-bluetooth","tag-keyboard","tag-wireless"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/197","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/50"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=197"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/197\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=197"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=197"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=197"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}