Previous All Posts Next

Stolen Passwords from Wireless Keyboards

Posted: July 27, 2016 to Technology.

Tags: Data Breach, AI, Cloud Security

If you are using a cheap wireless keyboard, you run the risk of having your passwords stolen. According to researchers at the security company, Bastille, there’s a security hole in millions of keyboards that can allow hackers see every keystroke from up to 100 meters away. After testing wireless keyboards put out by a dozen manufacturers, they found that eight of those manufacturers had keyboards that were susceptible to attack, including ones from HP and Toshiba. The thing they all had in common was that rather than using Bluetooth, they sent information over unencrypted radio signals. This isn’t the first time the security of radio signals have been brought into question. Bastille has previously found that over a billion keyboards manufactured by Logitech, HP, Microsoft, Dell, Lenovo, and Amazon all could be controlled by a remote antenna. It’s also been shown that dozens of car models from brands like Ford, Toyota, Nissan, Audi, and Volkswagen could be unlocked using a radio amplifier, leading to the revelation in the first part of 2015 three quarters of all cars stolen in France were done so using this technique. This new attack, called KeySniffer, intercepts information transmitted from the keyboard to its USB receiver and relies on parts that can be purchased for less than $100. It allows hackers the ability to steal usernames, passwords, credit card information, and any other sensitive personal data typed into an affected keyboard. There are industry standards when it comes to the security of keyboards that use Bluetooth, but the same can’t be said for ones relying on radio waves. Consequently, it’s up to the manufacturer to make those decisions, and very often their security is lacking. If you want to use a wireless keyboard and are concerned about security, your best bet is to switch to one that relies on Bluetooth rather than radio waves. If you want to check the status of a keyboard you own now, here is a list of affected devices as of this writing:

Related Articles

API Security 360: Discovery, Testing, and Runtime Defense API Security 360: Discovery, Testing, and Runtime Defense Platform Engineering Playbook: Build Your Internal Developer Portal Platform Engineering Playbook: Build Your Internal Developer Portal Invalid Response from OpenAI? Here’s How to Fix It Invalid Response from OpenAI? Here’s How to Fix It Data Mesh or Data Fabric? Charting Your Enterprise’s Future Data Mesh or Data Fabric? Charting Your Enterprise’s Future
Craig Petronella
Craig Petronella
CEO & Founder, Petronella Technology Group | CMMC Registered Practitioner

Craig Petronella is a cybersecurity expert with over 24 years of experience protecting businesses from cyber threats. As founder of Petronella Technology Group, he has helped over 2,500 organizations strengthen their security posture, achieve compliance, and respond to incidents.

LinkedIn Twitter About
Related Service
Need Cybersecurity or Compliance Help?

Schedule a free consultation with our cybersecurity experts to discuss your security needs.

Schedule Free Consultation
Previous All Posts Next