
The $30 device that can hack into nearby keyboards

A security researcher has developed an inexpensive device that, while masquerading as a mere USB wall charger, can monitor keystrokes on nearby wireless Microsoft keyboards.

KeySweeper (http://samy.pl/keysweeper) is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboards (using proprietary 2.4GHz RF) in the area.

Attention, Microsoft keyboard users: There is now a USB wall charger that can monitor almost any wireless Microsoft keyboard in its vicinity, VentureBeat reports.

Built by security researcher Samy Kamkar, KeySweeper can sniff, decrypt, log, and report the keystroke activity that occurs as a wireless keyboard communicates with a PC, according to Mr. Kamkar’s site. All information is saved locally and online, and KeySweeper can even send text messages based on trigger words, usernames, or URLs. An internal rechargeable battery allows the device to operate even when unplugged.

Kamkar estimates that a KeySweeper device costs between $10 and $30 to build. The covert device should work with most, if not all, Microsoft wireless keyboards.

“We are aware of reports about a ‘KeySweeper’ device and are investigating,” a Microsoft spokesperson told VentureBeat.

The development of the device comes in the wake of President Obama's call for better legislation around data protection. In the US, about 18 percent of online adults say they have had information such as credit card and bank account numbers stolen, according to the Pew Research Center.

KeySweeper, a keystroke logger, represents a type of device that has been the source of compromised security for a slew of companies over the years. In 2011, for instance, Texas-based marketing giant Epsilon reported having millions of customer names and emails stolen, affecting clients such as JPMorgan, Citigroup, and Best Buy. In 2013, hackers using keylogger malware reportedly stole close to 2 million login credentials from sites such as Facebook, Google, Yahoo, and Twitter, CNN reported.

However, keyloggers can legally be used for things like parental controls and company security, allowing parents or employers to track what their children or employees are doing online.

For his part, Kamkar has spent years researching and revealing weaknesses in mobile and wireless security. In 2008, he displayed how RFID (radio-frequency identification) technology in badges and credit cards could be exploited for identity theft.

“Using my firmware, you can actually just walk around without a laptop, with just this credit card-sized Proxmark device, have a little antenna about the size of a credit card, it could be in your sleeve, or it could be in your pocket, and just walk around in Times Square and you'll just start picking up people's IDs,” Kamkar told Jeff Williams, CTO of Contrast Security and host of The Security Influencers Channel on iTunes, in September.

In 2011, Kamkar discovered that Android, iPhone, and Windows Mobile devices constantly sent Wi-Fi router and GPS information back to their parent companies. His findings led to congressional hearings that looked into Apple’s and Google’s privacy policies and practices.

Kamkar is also the man behind the MySpace worm, a virus that, if so employed, had the ability to steal user data and that allowed Kamkar, then 19, to make more than 1 million MySpace friends in less than a day.

He also developed the Evercookie, a program that continues to identify users even after they delete standard cookies from their browsers; and the SkyJack, a drone that seeks out, hacks, and takes charge of other drones within wireless distance, “creating an army of zombie drones under your control.”

 
 