The $30 device that can hack into nearby keyboards

A security researcher has developed an inexpensive device that, while masquerading as a mere USB wall charger, can monitor keystrokes on nearby wireless Microsoft keyboards 

Attention, Microsoft keyboard users: There is now a USB wall charger that can monitor almost any wireless Microsoft keyboard in its vicinity, VentureBeat reports.

Built by security researcher Samy Kamkar, KeySweeper, can sniff, decrypt, log, and report the keystroke activity present as a wireless keyboard communicates with a PC, according to Mr. Kamkar’s site. All information is saved locally and online, and KeySweeper can even send text messages based on trigger words, usernames, or URLs. An internal rechargeable battery allows the device to operate even when unplugged.

Kamkar estimates a KeySweeper device to cost between $10 and $30 to build. The covert device should work with most, if not all, Microsoft wireless keyboards.

“We are aware of reports about a ‘KeySweeper’ device and are investigating,” a Microsoft spokesperson told VentureBeat.

The development of the device comes in the wake of President Obama's call for better legislation around data protection. In the US, about 18 percent of online adults say they have had information such as credit card and bank account numbers stolen, according to the Pew Research Center.

KeySweeper, a keystroke logger, represents a type of device that has been the source of compromised security for a slew of companies over the years. In 2011, for instance, Texas-based marketing giant Epsilon reported having millions of customer names and emails stolen, affecting clients such as JPMorgan, Citigroup, and Best Buy. In 2013, hackers using keylogger malware reportedly stole close to 2 million login credentials from sites such as Facebook, Google, Yahoo, and Twitter, CNN reported.

However, keyloggers can legally be used for things like parental controls and company security, allowing parents or employers to track what their children or employees are doing online.

For his part, Kamkar has spent years researching and revealing weaknesses in mobile and wireless security. In 2008, he displayed how RFID (radio-frequency identification) technology in badges and credit cards could be exploited for identity theft.

“Using my firmware, you can actually just walk around without a laptop, with just this credit card-sized Proxmark device, have a little antenna about the size of a credit card, it could be in your sleeve, or it could be in your pocket, and just walk around in Times Square and you'll just start picking up people's IDs,” Kamkar told Jeff Williams, CTO of Contrast Security and host of The Security Influencers Channel on iTunes, in September.

In 2011, Kamkar discovered that Android, iPhone, and Windows Mobile devices constantly sent wifi router and GPS information back to their parent companies. His findings led to congressional hearings that looked into Apple’s and Google’s privacy policies and practices.

Kamkar is also the man behind the MySpace worm, a virus that, if so employed, had the ability to steal user data and that allowed Kamkar, then 19, to make more than 1 million MySpace friends in less than a day.

He also developed the Evercookie, a program that continues to identify users even after they delete standard cookies from their browsers; and the SkyJack, a drone that seeks out, hacks, and takes charge of other drones within wireless distance, “creating an army of zombie drones under your control.”

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to The $30 device that can hack into nearby keyboards
Read this article in
https://www.csmonitor.com/Technology/Tech/2015/0114/The-30-device-that-can-hack-into-nearby-keyboards
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe