Why Did My Next Door Neighbor Erect a 50-Foot Radio Antenna?

Wireless keyboards have been around for several years. After the first series of infrared devices, vendors developed radio-based keyboards that operate at 27 MHz.

Researchers Max Moser and Phillip Schroedel of Dreamlab Technologies recently released a report stating that various 27 MHz keyboard devices are prone to an information disclosure vulnerability due to weak encryption (BID 26693). The affected devices include Microsoft’s Wireless Optical Desktop 1000 and 2000 models. The researchers also claimed that the 3000 and 4000 models, as well as other 27 MHz-based wireless laser desktop series, may be vulnerable, but this has not been confirmed.

The researchers managed to break the encryption on these devices. They claim that Microsoft uses an 8-bit XOR mechanism to encrypt wireless keystroke data. This means that there are only 2^8, or 256, possibilities for the encryption key, which can easily be brute-forced. With a simple radio receiver, a soundcard, and suitable software, Moser and Schroedel have managed to intercept encrypted wireless keystrokes and decrypt them. The experiment was conducted using an antenna that could intercept data from 10 meters away.
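To make the key-space argument concrete, here is an added example (not the researchers' code, and not the keyboards' actual packet format, which this post does not describe) showing that a single-byte XOR key offers no confidentiality: all 256 keys can be tried and ranked in an instant, and one known plaintext byte reveals the key directly. The sample text, the key value `0x5A`, and the ASCII plaintext model are constructed assumptions for illustration.

```python
"""Added illustration: why an 8-bit XOR key gives no confidentiality."""
from collections import Counter

# Constructed sample. Real keyboards send key codes in a framing this
# post does not describe, so plain ASCII text stands in for the payload.
SAMPLE_PLAINTEXT = b"the quick brown fox jumps over the lazy dog"
COMMON = b" etaoinshrdlu"  # frequent English characters used for ranking


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with the same 8-bit key (encrypt and decrypt are identical)."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must fit in 8 bits")
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> int:
    """Rank a candidate: -1 if any byte is non-printable, else count common characters."""
    if any(b < 0x20 or b > 0x7E for b in candidate):
        return -1
    counts = Counter(candidate.lower())
    return sum(counts[c] for c in COMMON)


def exhaust_keyspace(ciphertext: bytes) -> tuple[int, bytes, int]:
    """Try all 2^8 keys and return (best_key, recovered_text, keys_tried)."""
    keys = range(256)
    best = max(keys, key=lambda k: score(xor_bytes(ciphertext, k)))
    return best, xor_bytes(ciphertext, best), len(keys)


def key_from_known_byte(cipher_byte: int, plain_byte: int) -> int:
    """A single known plaintext/ciphertext byte pair yields the key outright."""
    return cipher_byte ^ plain_byte


if __name__ == "__main__":
    ciphertext = xor_bytes(SAMPLE_PLAINTEXT, 0x5A)  # constructed key
    key, text, tried = exhaust_keyspace(ciphertext)
    print(f"keys tried: {tried}, recovered key: {key:#04x}, text: {text!r}")
    print(f"key from one known byte: {key_from_known_byte(ciphertext[0], ord('t')):#04x}")
```

Because the same byte is reused for every keystroke, message length does not help the defender; a longer key alone would not help either unless the cipher also stopped reusing key material.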

In other words, an attacker could construct a wireless keylogger to monitor keystrokes on various wireless keyboards. Depending on the strength of the receiving device, the attacker could potentially obtain sensitive information such as user-authentication credentials for certain services or applications and, most importantly, users’ credit card information.

The researchers who found this vulnerability will not release a proof of concept until they finish conducting their research. They are investigating other wireless products, such as Logitech SecureConnect. After completing their research, Moser and Schroedel plan to release a proof of concept that demonstrates this issue, along with some of the pitfalls they ran into along the way. They plan to present their findings at various educational venues and training sessions.

The researchers have contacted Microsoft regarding this issue, but the vendor has not released any comments to date. This is quite an interesting issue. Now that it’s been disclosed to the public, further research will almost certainly be done on other radio frequencies.

References:

http://www.securityfocus.com/bid/26693
http://www.dreamlab.net/download/articles/27_Mhz_keyboard_insecurities.pdf