Microsoft wireless keyboards crypto cracked

Tapping up


Security researchers have cracked the rudimentary encryption used in a range of popular wireless keyboards.

Bluetooth is increasingly becoming the de-facto standard for wireless communication in peripheral devices and is reckoned to be secure. But some manufacturers such as Logitech and Microsoft rely on 27 MHz radio technology which, it transpires, is anything but secure.

Using nothing more than a simple radio receiver, a soundcard and suitable software, Swiss security firm Dreamlab Technologies managed to capture and decode the radio communications between a keyboard and a PC. The attack opens the way up to all sorts of mischief including keystroke logging to capture login credentials to online banking sites or email accounts.

Dreamlab cracked the encryption key used within Microsoft Wireless Optical Desktop 1000 and 2000 keyboards. As most products in Microsoft's wireless range are based on the same technology other products are likely to be insecure. Max Moser and Phillipp Schrödel of Dreamlab Technologies succeeded in eavesdropping traffic from a distance of up to ten meters using a simple radio receiver. More sensitive receivers may make it possible to capture keystrokes over larger distances.

Sniffing traffic between wireless keyboards and their base stations was possible because of the weak encryption used, as explained in a white paper from Dreamlab:

To our surprise, only the actual keystroke data seems to be encrypted. The Metaflags and identifier bits aren't encrypted or obfuscated. The one byte USB Hid code is encrypted using a simple XOR mechanism with a single byte of random data generated during the association procedure.

This means that there are only 256 different key values possible per keyboard and receiver pair. We did not notice any automated key change interval and therefore assume that the encryption key stays the same until the user reassociates the keyboard. 256 key combination can be brute forced even with very slow computers today. We did not analyze the quality of the random number so far because it was not needed to successfully break the encryption.

"Wireless communication is only as secure as the encryption technology used. Due to its nature, it can be tapped with little effort," said Dreamlab's Max Moser.

Dreamlab has reported the security loophole to Microsoft. The security researchers are holding off releasing details on exactly how the hack was pulled off pending the release of a fix, which it reckons may be a difficult and drawn-out process. The security researchers have however published a video of the attack here. ®


Other stories you might like

  • Intel is running rings around AMD and Arm at the edge
    What will it take to loosen the x86 giant's edge stranglehold?

    Analysis Supermicro launched a wave of edge appliances using Intel's newly refreshed Xeon-D processors last week. The launch itself was nothing to write home about, but a thought occurred: with all the hype surrounding the outer reaches of computing that we call the edge, you'd think there would be more competition from chipmakers in this arena.

    So where are all the AMD and Arm-based edge appliances?

    A glance through the catalogs of the major OEMs – Dell, HPE, Lenovo, Inspur, Supermicro – returned plenty of results for AMD servers, but few, if any, validated for edge deployments. In fact, Supermicro was the only one of the five vendors that even offered an AMD-based edge appliance – which used an ageing Epyc processor. Hardly a great showing from AMD. Meanwhile, just one appliance from Inspur used an Arm-based chip from Nvidia.

    Continue reading
  • NASA's Psyche mission: 2022 launch is off after software arrives late
    Launch window slides into 2023 or 2024 for asteroid-probing project

    Sadly for NASA's mission to take samples from the asteroid Psyche, software problems mean the spacecraft is going to miss its 2022 launch window.

    The US space agency made the announcement on Friday: "Due to the late delivery of the spacecraft's flight software and testing equipment, NASA does not have sufficient time to complete the testing needed ahead of its remaining launch period this year, which ends on October 11."

    While it appears the software and testbeds are now working, there just isn't enough time to get everything done before a SpaceX Falcon Heavy sends the spacecraft to study a metallic-rich asteroid of the same name.

    Continue reading
  • Rise in Taiwanese energy prices may hit global chip production
    National provider considering cost increase of 8%, which could be passed on to tech customers

    Taiwan's state-owned energy company is looking to raise prices for industrial users, a move likely to impact chipmakers such as TSMC, which may well have a knock-on effect on the semiconductor supply chain.

    According to Bloomberg, the Taiwan Power Company, which produces electricity for the island nation, has proposed increasing electricity costs by at least 8 percent for industrial users, the first increase in four years.

    The power company has itself been hit by the rising costs of fuel, including the imported coal and natural gas it uses to generate electricity. At the same time, the country is experiencing record demand for power because of increasing industrial requirements and because of high temperatures driving the use of air conditioning, as reported by the local Taipei Times.

    Continue reading

Biting the hand that feeds IT © 1998–2022