FBI finally warns private businesses about snooping KeySweeper devices

The FBI’s Cyber Division is just now getting around to warning the private industry about a fake USB device charger that can log the keystrokes of certain wireless keyboards. The government is talking about KeySweeper, which was first revealed as a proof-of-concept attack platform by Samy Kamkar 15 months before the FBI’s current notification. Kamkar used a USB-based phone charger in his demonstration to show how this platform could reside anywhere and steal/decrypt keystrokes from any Microsoft-branded wireless keyboard in the vicinity.

“If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information,” the FBI warns. “Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen.”

According to Kamkar, the fake wireless device charger can use an internal battery, allowing it to sniff and log Microsoft wireless keyboard transmissions even when its unplugged from the wall and seemingly shut off. Collected data can be stored locally on a flash-based chip too, or sent over a GSM-based cellular network like AT&T and T-Mobile. Two KeySweeper devices can even exchange information wirelessly, and there’s a web-based tool for live keystroke monitoring as well.

The sneaky KeySweeper device created by Kamkar featured a 3.3v Arduino Pro Mini microcontroller, a nRF24L01+ RF chip that communicated using GFSK over the 2.4GHz band, and an AC USB charger for converting AC power to 5v DC. Optional components include an SPI Serial Flash chip for storing keystrokes, the Adafruit FONA board for using a 2G SIM card, and a 3.7v LiPo or LiOn battery for power when disconnected from a wall outlet.

KeySweeper’s primary code resides on the microcontroller while live monitoring of wireless keyboards is enabled by way of a web-based backend. This backend provides a web interface and uses PHP and JQuery to log all keystrokes. He also modified the Adafruit FONA library that enables the FONA to detect a new text message, and created a JQuery Terminal plugin that makes keyboard monitoring easier.

Microsoft wireless keyboards use a proprietary 2.4GHz RF protocol. To figure out the actual wireless language, Kamkar ripped apart a Microsoft wireless keyboard and examined the chip responsible for its wireless connectivity. He bought the exact same chip off eBay, and later began to build the actual USB charger device, as shown in a step-by-step tutorial here. Essentially, just about anyone can build this device on the cheap.

In his proof-of-concept, Kamkar reveals that his invention will send SMS alerts when the target wireless keyboard broadcasts specific keystrokes, such as the URL to a bank. He also acknowledges that KeySweeper is actually an extension of work previously done by Travis Goodspeed, and work by Thorsten Schroder and Max Moser.

Why the FBI has waited until now to warn the private industry about KeySweeper is unknown. However, the agency points out that the Microsoft wireless keyboards subject to keystroke sniffing are manufactured before 2011, but are still currently on the market to purchase. Kamkar claims that his device can sniff out any Microsoft wireless keyboard transmission, so private companies should keep an eye out for suspicious wireless chargers lounging around no matter what year the Microsoft keyboard was made.

Smart Home

Whatever happened to those dumb smart products we wrote about in 2017?

A smart salt dispenser? As manufacturers rush to get the next new smart item out there, we wonder if all these new inventions are really necessary. Here’s a list of 10 of the quirkiest home smart gadgets available, and where they are now.

How do the revised Xbox One and PlayStation 4 consoles stack up?

Microsoft's new Xbox One S and Sony's PlayStation 4 "Slim" have bucked the generational gaming console trend. But which of these stopgap systems is worth spending your paycheck on?
Home Theater

Throw away those EarPods -- we dug up the best headphones in every style

Trolling the internet for hours to find headphones is no way to live. Instead, leverage our expertise and experience to find the best headphones for you. Here are our favorites, with all the features you want.
Product Review

With its gem-cut design, HP’s near-perfect Spectre x360 2-in-1 is a shining jewel

HP’s updated Spectre x360 13 is dubbed “gem-cut” for a reason. It looks like a gem cutter went to work on the chassis, and the result is glorious. It’s also fast, well-built, and lasts long on a charge. What else could you need?

Is 14 inches the perfect size for a laptop? These 4 laptops might convince you

If you're looking for the best 14-inch laptops, there are a number of factors to consider. You want good battery life, an attractive screen, solid performance, and a good build. Our favorites that do all that and more.

Get Corsair’s best mechanical keyboard at a decent discount

From March 17 to 23, you can get one of the best mechanical keyboards around at a great price. The Corsair K95 RGB Platinum is normally $200, but this week you can pick one up from Amazon for $160.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Write music with your voice, make homemade cheese

Check out our roundup of the best new crowdfunding projects and product announcements that hit the web this week. You may not be able to buy this stuff yet, but it sure is fun to gawk!

Need more from your conference white board? The Surface Hub 2 should have it

The Surface Hub 2 could be the most expensive whiteboard ever made, but it should be a powerful and capable one. With the ability to connect several of the 50-inch displays together, the picture at least, should be gorgeous.

Teens using Google Docs as the modern version of passing notes in class

Google Docs is reportedly being used by teens as a secret communications app. Instead of passing notes, students are now using the software's live chat function or comment boxes to talk with their friends while in the middle of classes.
Emerging Tech

A.I.-generated text is supercharging fake news. This is how we fight back

A new A.I. tool is reportedly able to spot passages of text written by algorithm. Here's why similar systems might prove essential in a world of fake news created by smart machines.

Windows updates shouldn't cause problems, but if they do, here's how to fix them

Windows update not working? It's a more common problem than you might think. Fortunately, there are a few steps you can take to troubleshoot it and in this guide we'll break them down for you step by step.

Here’s how you can watch today’s Nvidia GTC 2019 keynote live

Nvidia's rumored 7nm Ampere graphics could debut soon. The company will be kicking off its GPU Technology conference at 2 p.m. PT today, Monday, March 18, and you can watch the opening keynote here.

After fourth attack, hacker puts personal records of 26M people up for sale

A serial hacker going by the name of Gnosticplayers is selling the personal data of 26 million people who have been using the services of six different companies from across the world.

HP’s Omen Mindframe headset keeps your ears chill, but might leave you lukewarm

The Omen Mindframe headset uses HP's FrostCap technology to keep ears cool during long gaming sections. While it delivers on keeping ears cool, it forgets some of the essentials of a quality gaming headset.