Microsoft wireless keyboards targeted by new $10 DIY sniffing device

Microsoft's wireless keyboards feature multiple bugs that enable easy sniffing and decryption of anything typed into them. Build your own sniffer for $10!

@paulyalcorn

Published Jan 15, 2015 10:42 AM CST
Updated Nov 3, 2020 12:10 PM CST

54 seconds read time

A security researcher has developed a USB wall charger that can intercept, log, and decrypt signals sent from Microsoft's wireless keyboards. The KeySweeper was developed by Samy Kamkar, a giving sort, who has released instructions on how to build the device online.

Microsoft wireless keyboards targeted by new $10 DIY sniffing device | TweakTown.com

The KeySweeper can be built for as little as $10 and simply appears to be a typical, and functional, USB wall charger. The charger monitors all Microsoft keyboards in range. The transmissions are encrypted, but the researcher has found multiple bugs that enable easy decryption. The design also includes optional features, such as an internal rechargeable battery that keeps the device working even after being unplugged, and SMS notification when keywords are typed into the keyboard.

There is a detailed build log on GitHub, and also a video on YouTube. Microsoft has fired back by insisting that all models manufactured after 2011 feature AES encryption, which isn't decoded by the system, but Samy Kamkar has recently purchased a vulnerable model from Best Buy last month.

There will likely be a firmware update in the future for the Microsoft keyboards, but when was the last time you checked for a new firmware for your keyboard? Many will likely continue to use the keyboards with no knowledge of the vulnerability, and this can lead to stolen bank information and passwords, along with anything else typed into the trusty keyboard.