Your wireless keyboard can give away all your passwords

Wireless keyboards from eight companies suffer from the KeySniffer vulnerability, allowing attackers to glean passwords, credit card numbers, and security questions and answers.

According to a report by Threatpost, the vulnerability can allow attackers to eavesdrop on keystrokes from up to 75 metres away.

The keyboard brands affected are:

  • Hewlett-Packard
  • Toshiba
  • Kensington
  • Insignia
  • Radio Shack
  • Anker
  • General Electric
  • EagleTec

KeySniffer was discovered by Marc Newlin, a researcher with Bastille Networks, after he found that two thirds of the keyboards he tested did not have encryption to begin with.

“As soon as I had finished the initial reverse engineering process it was immediately clear that these devices were sending all the keystrokes in clear text,” said Newlin.

Bastille gave the keyboard manufacturers 90 days to address the vulnerability, but most vendors failed to respond, stated the report.

Affected users should switch to a wired or Bluetooth-enabled keyboard, said Bastille.

More on security

How South Africa’s new fingerprint payment standard will work

SMS to be banned as two-factor authentication system in the US

Latest news

Partner Content

Show comments


Share this article
Your wireless keyboard can give away all your passwords