Skip to main content

Newly discovered ‘key sniffing’ hack could compromise keyboards from up to 250 feet away

Bastille KeySniffer
Just months after uncovering MouseJack, Atlanta-based cybersecurity company Bastille recently exposed vulnerabilities that could leave consumers open to attack when using a low-cost wireless keyboard. Hackers are reportedly utilizing a set of security vulnerabilities the company calls “KeySniffer,” which can enable them to remotely capture all keystrokes from up to 250 feet away. Affected wireless keyboard manufacturers include HP, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec (all models listed here).

“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack.”

The problem here is that attackers could potentially hack victims in numerous ways thanks to what their prey actually types. That includes credit card numbers and their CVV codes, usernames and passwords to bank accounts, passwords to networks, answers to security questions, company trade secrets, machine login credentials, and so much more.

But the hack doesn’t stop there. Attackers can inject their own malicious keystroke commands too, enabling them to install malware, grab sensitive data, or perform other malicious acts as if they had actual physical access to the desktop or laptop.

The problem resides with wireless keyboards that operate in the 2.4GHz ISM band using GFSK modulation (generally, in the form of a USB dongle), and not models relying on Bluetooth. These units are using unencrypted radio communication protocols to transmit keystrokes to the paired USB dongle plugged into a desktop or laptop. In turn, these keystrokes can be accessed using equipment and software costing less than $100.

In a video demonstration here, Newlin is able to scan the office for a vulnerable keyboard, and grab everything his associate enters when booking a hotel reservation.

“Previously demonstrated vulnerabilities affecting wireless keyboards required the attacker to first observe radio packets transmitted when the victim typed on their keyboard,” the firm said in a list of technical details. “The keyboards vulnerable to KeySniffer use USB dongles which continuously transmit radio packets at regular intervals, enabling an attacker to quickly survey an environment such as a room, building, or public space for vulnerable devices regardless of the victim’s presence. This means an attacker can find a vulnerable keyboard whether a user is at the keyboard and typing or not, and set up to capture information when the user starts typing.”

As the product list linked above points out, not all wireless keyboards suffer the KeySniffer vulnerabilities. Many high-end units encrypt keystroke data before sending the information to the USB dongle. In turn, that dongle has the encryption key, securing the user’s keystrokes as they pass from the peripheral to the computing device. Hackers can’t get that information unless they obtain the encryption key.

In light of the KeySniffer exposure, General Electric supplied a response, saying that Jasco Products Company actually builds the keyboards suffering the KeySniffer problem, and merely slaps on the GE logo. The company is aware of the problem and will work directly with customers. Meanwhile, Kensington supplied a response as well, reporting that it released a firmware update that includes AES encryption to close any security holes.

Editors' Recommendations

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Best VR headset Memorial Day deals: save on Meta Quest 2, HTC VIVE XR Elite
A woman dives into action with the Meta Quest 2.

VR headsets can be a lot of fun, especially if you have the room to play around and fully live out the virtual 3D space you're in. That said, VR headsets can get quite expensive, and that's without counting the high-end gaming PC that you tend to have to buy to take advantage of it. Luckily, these early Memorial Day deals will save you a pretty penny, and while there aren't a ton of excellent VR headset deals to take advantage of, we've collected the best we could find below.
Our Favorite VR Headset Memorial Day Deal

When Meta originally took over Oculus, a lot of folks were skeptical about what that would entail, especially as VR is a nascent piece of tech and Meta is known to take on dubious projects, such as the Metaverse. Luckily, it wasn't as bad as most feared, with the Meta Quest 2 being one of the best VR headsets on the market for a long time. While it's true that the Meta Quest 3 has already come out, the Quest 2 has a lot of advantages, the least of which is that it's considerably cheaper, going for the new discounted price of $200, which is $50 less than what it was a few weeks ago.

Read more
Apple’s M2 13-inch MacBook Air is $150 off in the Memorial Day sales
The screen of the MacBook Air on a table.

If you don’t mind going one generation back with your purchase, Best Buy has the MacBook deals for you with a massive $150 off the Apple MacBook Air 13.6-inch M2. Usually $999, it’s down to $849 for a limited time only. We can’t say how long the deal will stick around, but we can confidently say this is one of the better laptop deals to go for. If you’re keen to learn more, keep reading while we take you through things.

Why you should buy the Apple MacBook Air 13.6-inch M2
When you check out our look at the best MacBooks, you’ll notice that the MacBook Air 13.6-inch M2 features as the best MacBook for everyone. It’s super versatile with a great M2 processor, and a very lightweight and thin build. Despite being so thin, it’s robust thanks to its all-aluminum unibody enclosure which is super durable while looking good too.

Read more
Best Lenovo Memorial Day Deals: Laptops, Gaming PCs, Monitors, More
Lenovo Yoga Pro 9i 16 rear view showing lid and logos.

Along with companies like Dell and HP, Lenovo is probably one of the best-known brands when it comes to things like desktops and laptops, whether you're looking for a gaming device or a general day-to-day one. That's why it's great to see some excellent deals coming from Lenovo as part of the early Memorial Day sale, with a ton of deals on some of the best laptops and best desktops out there. Of course, Lenovo has a huge inventory of devices, which is why we've gone through it all and selected some of our favorite deals to save you the hassle.
Best Lenovo Laptop Memorial Day Deals

Lenovo's general laptops are perfect for those who want something that is more budget-friendly but will still work well for school, work, or just use in day-to-day activities such as streaming content. There are a lot of sizes to pick from, too, so you can pick something smaller if you want a more easy-to-carry laptop or a massive 16-inch screen if you want a lot of screen real estate. You can also check out some other great laptop deals if you don't quite find what you're looking for below.

Read more