Device listens keystrokes wireless keyboard Microsoft

A security researcher has created a device that looks like a charger, but can actually intercept and forward keystrokes from a Microsoft wireless keyboard. The device is based on an Arduino board.

The device called KeySweeper works because it has the same chip on board as Microsoft’s Wireless Keyboard, which works on its own protocol at 2.4GHz. In addition, according to the security researcher, the encryption used is weak, making it easy to discover the keystrokes in the transmitted code. The software uses the MAC address to encrypt the data.

The security researcher uses a vulnerability in the protocol to contact the hardware. The charger is based on an Arduino and all hardware fits into the housing of a regular phone charger. In addition, the charger can also continue to function to provide power to other devices. If the charger is not plugged in, the sniffer remains active due to a built-in battery.

The KeySweeper can forward the received signals via a GSM network and notify the attacker via SMS if the victim visits certain URLs or enters passwords in certain places. In this way, the attacker can also watch live.

It is unknown whether Microsoft can close the security hole in its keyboard. The software company has not yet commented on the security researcher’s discovery. This isn’t the first time this researcher, Samy Kamkar, has discussed a Microsoft product. Earlier he talked about collecting location data in Windows Phone.