Skip to main content
  1. Home
  2. Computing
  3. Mobile
  4. News

Newly discovered ‘key sniffing’ hack could compromise keyboards from up to 250 feet away

Add as a preferred source on Google

Just months after uncovering MouseJack, Atlanta-based cybersecurity company Bastille recently exposed vulnerabilities that could leave consumers open to attack when using a low-cost wireless keyboard. Hackers are reportedly utilizing a set of security vulnerabilities the company calls “KeySniffer,” which can enable them to remotely capture all keystrokes from up to 250 feet away. Affected wireless keyboard manufacturers include HP, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec (all models listed here).

“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack.”

Recommended Videos

The problem here is that attackers could potentially hack victims in numerous ways thanks to what their prey actually types. That includes credit card numbers and their CVV codes, usernames and passwords to bank accounts, passwords to networks, answers to security questions, company trade secrets, machine login credentials, and so much more.

But the hack doesn’t stop there. Attackers can inject their own malicious keystroke commands too, enabling them to install malware, grab sensitive data, or perform other malicious acts as if they had actual physical access to the desktop or laptop.

The problem resides with wireless keyboards that operate in the 2.4GHz ISM band using GFSK modulation (generally, in the form of a USB dongle), and not models relying on Bluetooth. These units are using unencrypted radio communication protocols to transmit keystrokes to the paired USB dongle plugged into a desktop or laptop. In turn, these keystrokes can be accessed using equipment and software costing less than $100.

In a video demonstration here, Newlin is able to scan the office for a vulnerable keyboard, and grab everything his associate enters when booking a hotel reservation.

“Previously demonstrated vulnerabilities affecting wireless keyboards required the attacker to first observe radio packets transmitted when the victim typed on their keyboard,” the firm said in a list of technical details. “The keyboards vulnerable to KeySniffer use USB dongles which continuously transmit radio packets at regular intervals, enabling an attacker to quickly survey an environment such as a room, building, or public space for vulnerable devices regardless of the victim’s presence. This means an attacker can find a vulnerable keyboard whether a user is at the keyboard and typing or not, and set up to capture information when the user starts typing.”

As the product list linked above points out, not all wireless keyboards suffer the KeySniffer vulnerabilities. Many high-end units encrypt keystroke data before sending the information to the USB dongle. In turn, that dongle has the encryption key, securing the user’s keystrokes as they pass from the peripheral to the computing device. Hackers can’t get that information unless they obtain the encryption key.

In light of the KeySniffer exposure, General Electric supplied a response, saying that Jasco Products Company actually builds the keyboards suffering the KeySniffer problem, and merely slaps on the GE logo. The company is aware of the problem and will work directly with customers. Meanwhile, Kensington supplied a response as well, reporting that it released a firmware update that includes AES encryption to close any security holes.

Kevin Parrish
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Apple’s M6 chip isn’t even here yet, but you’ll see M7 Macs early in 2027
Apple is reportedly already accelerating its next-generation silicon roadmap, even before the M6 has launched.
Apple MacBook

The M6 chip is still expected to debut later this year, but Apple may already be preparing for what comes next. According to Mark Gurman's latest report for Bloomberg, the company is aiming to introduce its first M7-powered devices as early as the first half of 2027, hinting at a much faster silicon refresh than many expected.

M7 could arrive alongside new Macs and iPads

Read more
The entry-level MacBook Pro could get a design refresh in 2027, and it’s about time
Five years on the same chassis, and now both tiers of the MacBook Pro are getting a new look at once.
MacBook Pro in space grey sitting on a desk.

Apple has a new MacBook Pro lined up for launch early next year, according to Bloomberg. The company will introduce a 14-inch laptop in the first half of 2027. 

The biggest surprise, however, will be a brand-new design language. The outlet describes it as "a revamped entry-level MacBook Pro, code-named K104."

Read more
Study finds humans will talk to AI ghosts of the dead as reincarnations, and it’s pretty grim
The first AI ghost study is in. The results are about as complicated as you'd expect.
VR Headset, Person, Face

A new study from the University of Colorado Boulder confirms something that sounds both impressive and concerning. People find interacting with AI simulations of their dead loved ones deeply meaningful, and most will come away wanting to do it again.

The researchers call it a "generative ghost," which is a clear reference to generative AI, but I’d still prefer to call it unsettling.

Read more