A security researcher has developed a USB wall charger that can intercept, log, and decrypt signals sent from Microsoft's wireless keyboards. The KeySweeper was developed by Samy Kamkar, a giving sort, who has released instructions on how to build the device online.
The KeySweeper can be built for as little as $10 and simply appears to be a typical, and functional, USB wall charger. The charger monitors all Microsoft keyboards in range. The transmissions are encrypted, but the researcher has found multiple bugs that enable easy decryption. The design also includes optional features, such as an internal rechargeable battery that keeps the device working even after being unplugged, and SMS notification when keywords are typed into the keyboard.
There is a detailed build log on GitHub, and also a video on YouTube. Microsoft has fired back by insisting that all models manufactured after 2011 feature AES encryption, which isn't decoded by the system, but Samy Kamkar has recently purchased a vulnerable model from Best Buy last month.
There will likely be a firmware update in the future for the Microsoft keyboards, but when was the last time you checked for a new firmware for your keyboard? Many will likely continue to use the keyboards with no knowledge of the vulnerability, and this can lead to stolen bank information and passwords, along with anything else typed into the trusty keyboard.
- > NEXT STORY: More than 1 in 10 developers creating eSports-themed game title
- < PREVIOUS STORY: Nyko unveils Data Bank for PlayStation 4 - up to 6TB for the PS4