Intercepting Microsoft wireless keyboard communications
Leichter, Jerry
leichter_jerrold at emc.com
Thu Dec 6 18:12:38 EST 2007
http://www.dreamlab.net/download/articles/Press%20Release%20Dreamlab%20Technologies%20Wireless%20Keyboard.pdf
Computerworld coverage at
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9051480
The main protection against interception is the proprietary protocol,
which these guys were able to reverse engineer. The exchange is
"encrypted" using a Caeser cipher (XOR with a single byte that is the
common key, which is the only secret in the system); they say they can
determine the right key within 30 characters or so. Their current
hardware can read the data from 33 feet away; with a better antenna,
well over a hundred feet should be possible. These things operate at
27 MHz, which will penetrate walls easily.
Reading multiple keyboards at once is possible and they already do it.
They are looking at injecting data into the stream - presumably not very
hard.
Many other brands of wireless keyboard may well be equally vulnerable.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list