2y ago

PSA: Stay away from wireless keyboards

I aways wondered if the communication channel between my wireless keyboard and the usb receiver-antena is secure. I never bother to reseach this. Today I figured out the practical way. I turned on my pc at work and I tried to type the first letter of my password. Nothing hapened. Then I started spamming that letter. Still nothing, until the person next to me said "my keyboard is typing all by itself". It turns out she has a wireless mouse with a seemigly identical receiver-antena usb.

The moral of the story. If it was so easy to almost leak my password unintentionally due to this flaw of wireless keyboard communication, imagine wad a bad actor can do intentionally. Why try to brute force, social engineer e.t.c. when your password can be stollen in transit from your keyboard to your pc.

39 comments

Bluetooth data transmission is encrypted. Initialization typically happens only through the press of a physical button.
I assume you're using wireless devices of the same manufacturer, that uses an alternative that is not Bluetooth, and has automatic pairing without a safeguard.
This is not about wireless primarily. Use a decent product and standard and you don't have that issue.
- Bluetooth isn't guaranteed to be safe either. It can be safe, with the proper configuration (which depends on the manufacturer, you usually can't change it), but it can also be very vulnerable
  
  How so? You mean which encryption is being used? The Bluetooth demanded minimum is not enough?
- Thanks. For what kind of specs I should be looking when byuing a wireless product? What key words I should be looking for?
  
  [This comment has been deleted by an automated system]
- Hmm, do you want a keyboard with firmware updates that encrypts keybresses....
  Or simply use USB?...
  
  [This comment has been deleted by an automated system]
Still using a PS/2 keyboard from like 2007. Checkmate.
I guess being old fashioned and sticking with my model M has it's advantages.
- The guy sitting next to you hates you
My Wireless keyboard is a Keychron. It doesn't have a dedicated adapter, it'll connect to any device with Bluetooth capabilities. From what I've seen of how it works, is that it can store up to 3 device signatures to automatically connect to (you can choose which of the three is active). What I assume it's storing is the MAC address which I thought is unique to the device.
do you have one with 2.4ghz receiver?
like one of the plug and connect; no pairing required ones?
yeah these are garbage...
- It was indeed a 2.4 Ghz one.
All my passwords are random characters and I just copy/paste out of bitwarden. Can't leak that with a wireless keyboard.
- Does that work for logging in?
  
  I only log in on my own devices. On devices that I don't own, I change the password afterwards.
- So what you're saying is that the password to get all your passwords from the cloud is typed onto a wireless keyboard?
Lol my closest neighbor is half a mile away checkmate
- Pay no attention to that unmarked van
  
  Can-tenna yaggi omni bi-focal ... satellite dish made into a bigass reflector collector. I'll get you from well down the street.
It is also problematic that you can send keypresses to the other person, especially since she was only using the receiver for a mouse.
Used to work in an office where dell's wireless peripherals would every once in a while randomly enter pairing mode and connect to someone else's machine... often to the humor of those nearby. Their tech was based on Logitech's older Unifying stuff but I have no idea what they were thinking when adding auto pairing to it.
For wireless peripherals do research beforehand if this is something you're worried about. Personally I stick with newer logitech stuff, which encrypt the connection and don't start auto-pairing when peripherals are switched on
I don't use wireless because batteries suck to deal with. I learned that in my teens with a wireless headset, wireless mouse and wireless keyboard!
- I don't know how old you are, but I used to think the same thing in my teens, however nowadays wireless nice last pretty long on a single charge. Mine lasts about 3 months, and in endurance mode like half a year.
- modern (bt) devices usually have a built in battery that can be recharged via cable (or use the cable to connect the device to it's computer), so that issue is off the table, at least for better devices.
Don't use cheap ones with white label components. Sender and receiver having a shared key would resolve this.
Shit my current computer only works with wireless keyboard...Although I guess I could get a regular one and use one of the USB ports. Good to know, thanks.
- If the keyboard is connected via Bluetooth, it should be quite secure.
  
  It's connected via wireless USB.
People use wireless keyboards?
- yeah, a bluetooth one and it's great.
  
  Just another item to charge it or replace the battery.
  Frankly speaking, I tend to use wired if I can. I'm just one of those unlucky folks where whenever I'm in a hurry or something's urgent. Things I use tend to be low on battery, ink, supply, gas, etcetera at that exact moment.
  Either I'm unlucky or I have a tendency to forget to monitor things that need refilling.
thank you

39 comments