[Cryptography] Security of wireless keyboards and mices.
Benjamin Kreuter
brk7bx at virginia.edu
Tue Nov 4 18:28:50 EST 2014
On Tue, 2014-11-04 at 19:17 +0100, Natanael wrote:
> Den 4 nov 2014 18:57 skrev "Phillip Hallam-Baker" <phill at hallambaker.com>:
> > Logitech claim to have 128 bit AES. But what do the doofus vendors use?
>
> One big problem with practically all of them is the timing side channels on
> the input.
How different is this from the various side channels on wired keyboards
and wired mice? Computers give off all kinds of emissions. Sure, it is
higher power, but still milliwatts -- if your threat model includes an
adversary who can pick that up, it should probably include one who can
pick up all those other emissions too.
The more interesting question is about authentication. I am much more
worried about an attacker that can send arbitrary keystrokes to my
computer. This is even more concerning given the use-case for
Logitech's hardware: a convenient little dongle that you can leave in
your laptop even when you are away from your mouse and keyboard. If it
is not authenticated and not secure against replay attacks, the attacker
might only need to sit a few feet away from you at a cafe to completely
compromise your system.
-- Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: This is a digitally signed message part
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20141104/dc12a59d/attachment.sig>
More information about the cryptography
mailing list