Are Wireless Keyboards Secure?
Wireless keyboards are an excellent alternative to their wired counterparts, most notably because you can use them without being tied to your PC or laptop via a pesky cable and using valuable USB port space in some cases. But the big question that crops up often among consumers is, are wireless keyboards secure?
Just like your Wi-Fi connection, smartphone, or any other computer system is vulnerable to hackers, wireless keyboards are no different. Reports from leading tech security companies, such as IoT security firm Bastille, dub this type of keyboard exploit as Keyboard Jacking, which allows a potential hacker to inject keystrokes at several hundred words per minute from a nearby antenna, even with the peripheral being encrypted.
The report from Bastille concludes that certain wireless keyboards can be hijacked to steal or compromise data from up to a whopping 330 feet away. To put this in perspective, an interloper could trigger you to download malware while sitting in their vehicle right outside your home or office, and with readily accessible hardware that costs just $15 and a few lines of Python code.
Researchers from Atlanta-based Bastille looked at devices from leading keyboard manufacturers such as Lenovo, HP, Logitech, and Microsoft, and has released patches to a few of the manufacturers in an effort to curb the chances of keyboard jacking. The issue of keyboard jacking does not seem to affect Bluetooth keyboards, but is a major threat to devices that use a wireless dongle.
How does Keyboard Jacking Work?
In order to understand how keyboard jacking works, let’s analyze the way in which this range of wireless devices operates. You first plug in a receiver into any one of the available USB ports on your computer or laptop, and then turn on the wireless keyboard.
When the keyboard is on, it begins to relay important information to the receiver, such as keystrokes. This makes it easy to hack your device, because someone can connect to the same wireless receiver and pretend to be a keyboard, gain control of the real connected keyboard of that computer, and perform undesirable actions.
A hacker uses basic hardware including a software-defined radio to scan the frequencies used by wireless keyboards to determine its targets. Once a target has been identified, forged packets could be transmitted to the address of the target device.
Apart from being able to trick users into downloading malware onto their laptops or other devices, keyboard jacking can also setup a wireless hotspot on the target device, which can then be used to infiltrate data, even without a network connection.
Further, a command window could also be opened on a PC or laptop and a root kit could be installed, or a network vulnerability introduced. Reputable keyboard manufacturers such as Logitech and Lenovo have already introduced patches and updates to address the mouse and keyboard jacking issue, but some of the solutions only work when installed at the time of manufacture.
Asif Ahsan, Logitech’s Senior Director of Engineering, said that the company did come up with a security patch to address the keyboard jacking threat to some of its wireless keyboards and mice, and that the vulnerability detected by Bastille “would be complex to replicate” since it requires that the hacker to be in close proximity of the victim, making it a difficult and unlikely path of attack.
According to esteemed tech publication Wired, this root cause for these spoofed vulnerabilities is a chip made by Nordic Semiconductor. The company sold the chips without any security, but did provide manufacturers with the option to set their own security measures.
Unfortunately, some manufacturers overlooked this feature, which resulted in some of the chips embedded with little or no security at all. There are two levels to this security flaw. The first is when the data is “Unencrypted”, which makes it easy for hackers to relay data back and forth to the receiver of the wired keyboard or mouse.
The second is when the data is “Encrypted” but fails to check the legitimacy of the device it is receiving commands from. When the encryption is tampered with, hackers can easily send data to the receiver.
How to Protect your Wireless Devices?
There are a few things you can do to protect your wireless peripherals from being hacked such as using a wired keyboard.
Check your device – When shopping for the best wireless keyboard, it is wise to ensure that the device isn’t vulnerable to attacks. To do this, it is highly recommended that you buy from a reputable computer peripheral brand such as Logitech or Dell.
Firmware update – If you already own a wireless peripheral, be sure to check for firmware updates released by the manufacturer. These are generally found on the manufacturer’s website and listed in the drivers section.
Lock PC – A good practice when using a computer is to lock it when not in use regardless of whether you are using a wired or wireless keyboard or mouse. Although Keyloggers might still be able to steal information when your PC is locked, it may very well delay the process.
Encrypt data – If you tend to keep sensitive information on your computer, it is a good idea to encrypt those folders with a password. This may not be a foolproof way of preventing hacking, but will make the process a little more challenging.
Now that we’ve answered your question, are wireless keyboards secure, the best thing you can do is protect your data, use a wired keyboard or Bluetooth wireless keyboard, or buy a device from a leading peripheral manufacturer. One thing worth noting is that since this wireless keyboard glitch has surfaced, most big name keyboard and mice manufacturers have taken the necessary security measures to protect their devices from hacking.
Bluetooth wireless keyboards are already pre-encrypted given that they can only be paired with your computer via a password. They are also a widely popular choice among consumers since they do not need to be connected to a receiver plugged into one of the USB ports in your computer or laptop.