Researchers from Bastille, a cybersecurity firm, have unveiled a hacking technique that will allow hackers to detect and record every key that their victims press on a wireless keyboard.
Named the “keysniffer,” the attack will allow the hackers to get information such as the victim’s password on any e-mail or social media account the person is accessing while the hack is active.
The vulnerability, which affects several big brands including HP and General Electric, would be disconcerting for users, as there is no sign that a hacker is applying the keysniffer attack on their target. The effective range of the attack is said to be within 250 feet, and while international cybercriminals would not be able to log your keypresses, the distance is still big enough to be carried out by hackers without their victim’s knowledge.
According to the researchers, the presses that users are making on the vulnerable wireless keyboards are sent to the connected computer through a connection with no encryption. This makes it very easy for the hackers to intercept the signals and read the keypresses of their victims, which is alarming as users expect these wireless keyboards to come with at least some form of security.
The Bastille researchers tested the keysniffer attack on low-cost wireless keyboards created by 12 companies. In addition to HP and General Electric, which issues a license to manufacturer Jasco for its keyboards, the companies that were found to have vulnerable keyboards are Anker, EagleTec, Insignia, Kensington, Radio Shack and Toshiba.
The specific brands and models of wireless keyboards found to be vulnerable are listed on the page Bastille has set up regarding the exploit.
Bastille also noted that the products listed on the page only include those that its researchers have tested. The list does not include all the wireless keyboards that are vulnerable to the keysniffer attack, but concerned users can sign up on the website to receive alerts whenever new information is posted.
Kensington spokeswoman Denise Nelson said the company is already working with Bastille on the security problem, and Jasco said it will be working with its customers to address any concerns or issues involving the hacking method.
The exploit is similar to the “mousejacking” attack Bastille also discovered earlier in the year. Through the attack, hackers take advantage of wireless connections between computers and their keyboard or mouse to be able to input commands. These commands could be as damaging as opening a browser, accessing a website and then installing malware that could extract the contents of the hard drive.