Intercepting Microsoft wireless keyboard communications
Ian Farquhar (ifarquha)
ifarquha at cisco.com
Sun Dec 9 19:20:44 EST 2007
When I looked at this circa 2001-2002, for another company, other 27MHz
keyboards didn't even bother to encrypt. Most of the data was sent in
the clear, with neither encryption nor robust authentication.
Exactly what makes this problem so difficult eludes me, although one
suspects that the savage profit margins on consumables like keyboards
and mice might have something to do with it.
Ian.
-----Original Message-----
From: owner-cryptography at metzdowd.com
[mailto:owner-cryptography at metzdowd.com] On Behalf Of Leichter, Jerry
Sent: Friday, 7 December 2007 10:13 AM
To: cryptography at metzdowd.com
Subject: Intercepting Microsoft wireless keyboard communications
http://www.dreamlab.net/download/articles/Press%20Release%20Dreamlab%20T
echnologies%20Wireless%20Keyboard.pdf
Computerworld coverage at
http://www.computerworld.com/action/article.do?command=viewArticleBasic&
articleId=9051480
The main protection against interception is the proprietary protocol,
which these guys were able to reverse engineer. The exchange is
"encrypted" using a Caeser cipher (XOR with a single byte that is the
common key, which is the only secret in the system); they say they can
determine the right key within 30 characters or so. Their current
hardware can read the data from 33 feet away; with a better antenna,
well over a hundred feet should be possible. These things operate at
27 MHz, which will penetrate walls easily.
Reading multiple keyboards at once is possible and they already do it.
They are looking at injecting data into the stream - presumably not very
hard.
Many other brands of wireless keyboard may well be equally vulnerable.
-- Jerry
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
majordomo at metzdowd.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list