KeySniffer sniffs out your keystrokes from 250 feet away

Malware affecting cheap wireless keyboards gives hackers your card data

Malware affecting wireless keyboards can track people's keystrokes to discover their private data, cybersecurity researchers have warned.

Dubbed KeySniffer', the malware works from a distance of up to 250ft, allowing hackers to remotely monitor people's every keystroke, obtaining the data in plain text.

The hackers can then search the plain text data for people's card numbers, bank account usernames and passwords, answers to security questions, network access passwords and sensitive business data.

Advertisement - Article continues below

Bastille, the cybersecurity firm that unvocered the flaw, called it a "massive vulnerability" and said it affects eight major wireless keyboards from companies including HP Inc and Toshiba.

Marc Newlin, a Bastille researcher who discovered KeySniffer, said: "When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product.

"Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack."

The malware does not affect Bluetooth keyboards from the likes of Logitech, Dell and Lenovo, the firm found, adding: "Vulnerable keyboards are easy for hackers to detect as they are always transmitting, whether or not the user is typing. Consequently, a hacker can scan a room, building, or public area for vulnerable devices at any time."

Advertisement
Advertisement - Article continues below

But the affected keyboards cannot be upgraded, and people using them must replace them with new devices, Bastille warned, saying it had told the affected manufacturers about the vulnerability.

Advertisement - Article continues below

Kaspersky's principal security researcher, David Emm, said: "As with any digital device that is connected to the internet, if it isn't secure it can be compromised and the data you transmit can be intercepted.

"It's vital that manufacturers of such devices consider security at the design stage, not least because trying to retro-fit security is likely to be a lot more difficult. It's also vital the consumers consider the potential dangers posed by insecure wireless devices when making purchasing decisions."

A full list of the affected keyboards can be found here.

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Putting a spotlight on cyber security

An examination of the current cyber security landscape

Download now

The economics of infrastructure scalability

Find the most cost-effective and least risky way to scale

Download now

IT operations overload hinders digital transformation

Clearing the path towards a modernised system of agreement

Download now
Advertisement

Recommended

Visit/security/ethical-hacking/356252/poorly-secured-banking-apps-lead-to-cyber-threats
ethical hacking

Mobile banking apps are exposing user data to attackers

26 Jun 2020
Visit/security/malware/356231/most-malware-came-through-https-connections-in-q1-2020
malware

Most malware came through HTTPS connections in Q1 2020

25 Jun 2020
Visit/security/phishing/356211/phishing-attacks-target-unsuspecting-wells-fargo-customers
phishing

Phishing attacks target unsuspecting Wells Fargo customers

24 Jun 2020
Visit/security/hacking/356210/trump-administration-wants-to-enhance-the-security-of-gov-sites
hacking

Trump administration wants to enhance the security of .gov sites

24 Jun 2020

Most Popular

Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/security/vulnerability/356295/microsoft-patches-high-risk-flaws-that-can-be-exploited-with-a
vulnerability

Microsoft releases urgent patch for high-risk Windows 10 flaws

1 Jul 2020
Visit/business/policy-legislation/356256/uk-invested-about-ps500m-in-wrong-gps-satellites
Policy & legislation

UK gov buys "wrong" satellites in £500m blunder

29 Jun 2020