Who's been typing on my keyboard?

DSC_2377

Wired magazine reports on some research carried out by Bastille, where attackers can hijack proprietary wireless keyboard (and mouse) dongle from over 100 yards away.  The attack exploits firmware vulnerabilities in a particular radio communications chip used by wireless input devices.   It seems to be a popular piece of hardware, which is integrated into some computer manufacturers' wireless input devices.

The report only discusses hijacking the target computer, and it is not clear if the technique can also be used to log the keystrokes of the victim's keyboard.  However, it seems straightforward that an attacker could use the capability to inject the commands for the target computer to download and execute a more significant malware payload.  Of course, the computer would have to be unlocked for this to work, which would mean the attacker could see the victim's screen.  Alternatively, an attacker could simply keep trying to send their commands, making sure to backspace and delete their attempt each time it fails.

It seems, some of the companies whose products are affected by this problem are already patching the firmware of their devices to protect users.  However, users of Bluetooth input devices should be safe from this type of attack - for now!


Popular posts from this blog

Visual programming for 'wiring' the Internet of Things

Privacy-by-Design Framework for Internet of Things Systems

Privacy Perspectives for Data Privacy Day