Wireless keyboards from eight companies suffer from the KeySniffer vulnerability, allowing attackers to glean passwords, credit card numbers, and security questions and answers.
According to a report by Threatpost, the vulnerability can allow attackers to eavesdrop on keystrokes from up to 75 metres away.
The keyboard brands affected are:
- Hewlett-Packard
- Toshiba
- Kensington
- Insignia
- Radio Shack
- Anker
- General Electric
- EagleTec
KeySniffer was discovered by Marc Newlin, a researcher with Bastille Networks, after he found that two thirds of the keyboards he tested did not have encryption to begin with.
“As soon as I had finished the initial reverse engineering process it was immediately clear that these devices were sending all the keystrokes in clear text,” said Newlin.
Bastille gave the keyboard manufacturers 90 days to address the vulnerability, but most vendors failed to respond, according to the report.
Affected users should switch to a wired or Bluetooth-enabled keyboard, said Bastille.