Low-Cost Wireless Keyboards Open To Keystroke Sniffing And Injection Attacks

Bastille Networks researcher Marc Newlin has discovered a set of security vulnerabilities in low-cost wireless keyboards that could be exploited to collect all passwords, security questions, sensitive personal, bank account and payment card info users input through them. The problem with the vulnerable keyboards is that they don’t encrypt the keystroke data before they transmit it wirelessly to the USB dongle, and that’s because their manufacturers opted to use unencrypted radio communication protocols. The transceivers used in the vulnerable keyboards do not support firmware updates, so they will remain vulnerable forever.