Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.
What Is KeySniffing and What Does It Mean for You?

What Is KeySniffing and What Does It Mean for You?

By István F.István F. Verified by Adam B.Adam B. Last updated: July 17, 2024 (0)
Table of contents

There are any number of ways for a hacker to attack, some more reliable than others. The most practical way might be to exploit the vulnerabilities of PC software, for example, but since patches can be delivered in typically only a couple of days that brief security loophole can be closed quite quickly.

Things get more complicated – and the stakes get higher – with hardware vulnerabilities, because usually a software update cannot solve the issue and, as such, a change of hardware is required. The latter is true of keyboard sniffing, whether that’s a wireless or wired keyboard.

Since the keyboard is an essential component of how we use computers – in most cases, this is how information is entered into the machine – any weakness in this peripheral can place any password-based authentication system in danger.

Keyboard as a target

Since the keyboard has such an integral role with computer use it has been the subject of a number of studies, all of which explore methods of accessing the data that is entered by the user. That’s how researchers discovered just how easy it is to siphon a user’s password as they enter it into the keyboard simply by recording the sound of the keystrokes.

It was researchers Asonov and Agrawal who first realized that each key produces a different sound and, with the help of sophisticated software, were able to accurately reproduce text entered by a user.

Low-cost hardware comes with a variety of vulnerabilities

Cyber security firm Bastille has discovered that two-thirds of wireless keyboards are susceptible to what they call a “KeySniffer” attack. As pointed out in a press release announcing their findings, this serious security vulnerability allows hackers to remotely decipher all keystrokes of wireless keyboards from up to 250 feet away.

This means that hackers can intercept your keystrokes – and with it your personal credentials – while you log into your bank account or type in your credit card details, and from that replicate the data in plain text. It’s easy to guess what comes next.

After testing low-cost wireless keyboards of 12 manufacturers, Bastille identified Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec products as being affected by the KeySniffer vulnerability.

What is KeySniffer?

KeySniffer is a set of security vulnerabilities discovered by Bastille in non-Bluetooth wireless keyboards released by eight manufacturers. As you may already know, wireless keyboards and mice work by using a wireless dongle that is attached to computers using a USB port.

These products commonly communicate using proprietary protocols operating in the 2.4 GHz ISM band, so when a user hits a key on the wireless keyboard, that information is then sent to the USB dongle, which ‘translates’ it for the computer so the action can take place on the computer it is connected to.

To protect this wireless transmission the data must be encrypted, but that wasn’t the case for the low-cost keyboards – as identified by Bastille. This leaves room for hackers to create software that imitates a keyboard and transmits unencrypted keyboard packets to the USB dongle, or force a new device to pair without any user interaction.

Wireless vs wired keyboard

Protecting yourself from KeySniffer attacks is pretty simple: since there is no software that can be patched to resolve this serious vulnerability, the only way a higher level of security can be achieved is by replacing the low-cost hardware with a high-end version, preferably a wired option if possible.

While this does mean giving up the convenience of a cable-free life, your data is transmitted via a wired connection, which has a basic layer of security by default. But if you thought that this meant you would now be safe, just take off those rose-tinted specs for a second: there are other techniques with which hackers track your keystrokes if they really want to intercept your passwords.

Nowadays, however, it seems to be much easier to launch an avalanche of phishing attacks, that users seemingly are happy to give their passwords to “when asked nicely”Password managers, however, act as security auditors for all your saved credentials: they will warn users if they are attempting to insert their username and password on a fraudulent site since they track the legitimate URL of the site you’re hoping to access and inform the user if there isn’t a match.

User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Latest Articles

How To Master English Fluency: 10 Effective Tips and Tricks
When it comes to language learning, we often come across the word ‘fluency’. But what does it mean exactly? Simply put, fluency is the ability to articulate a message ...
Read article
4 Reasons To Choose CRM Software With AI
With the competition increasing, maintaining lasting customer relationships is more crucial than ever. Customer relationship management (CRM) systems have long been the backbone of most businesses’ effective interaction management, helping them streamline processes, improve satisfaction, and boost sales
Read article
Empower Your Wedding With The Perfect Hashtag
Do you remember the time when # was a simple sign used only in phone menus? The mundane past of the hashtag is now gone, because Twitter came, saw, and turned this barely known sign into a global Internet craze. 
Read article

Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us