Eight popular wireless keyboard models have been broadcasting their users' keystrokes.
(CCM) — On Tuesday, cybersecurity company Bastille released a study proving that eight models of wireless keyboards were vulnerable to being hacked from as far away as 250 feet. The keyboards, which are manufactured by major electronics companies — including General Electric, Insignia (Best Buy's in-house brand), Hewlett-Packard, Radio Shack, and Toshiba — transmit information in such a way that it becomes available to hackers looking to steal users' private data. In order to expose the security holes, Bastille constructed a device called KeySniffer that was able to steal bank and credit card information, answers to security questions, and personal emails, among other confidential data typed into the affected wireless keyboards.
Normally, wireless keyboards encrypt the data that they transmit. However, some do so badly and others not at all. "It turned out after completing that step that, lo and behold, all of the keystroke data was simply being transmitted in cleartext, with no encryption whatsoever," said Marc Newlin, a researcher at Bastille. According to the company, there are no steps that consumers can take to secure a vulnerable keyboard, and the only solution is to purchase a more secure, Bluetooth-enabled or wired keyboard. There are ways for the affected manufacturers to fix their merchandise; however, the companies were tipped off about this weakness in their keyboards and have done nothing to publicly address the issue in the three months since.
Image: © kaprik - Shutterstock.com