Sometimes security risks hide in plain sight
January 14, 2015 6:09 AM   Subscribe

Do you use a wireless keyboard? For those of us who worry about the security of our wireless devices, every now and then something comes along that scares even the already-paranoid. (from Hackaday.)
posted by pjern (22 comments total) 9 users marked this as a favorite
 
Another example of Charlie Stross' theory that the internet of things is inherently unsafe.
posted by MartinWisse at 6:17 AM on January 14, 2015 [8 favorites]


RF? Do I look like a peon?
posted by entropicamericana at 6:23 AM on January 14, 2015 [1 favorite]


I am typing this comment on a wireless Microsoft keyboard. Anybody could be reading it as I type and get a 4 second head start on my actual posting of it.
posted by 724A at 6:26 AM on January 14, 2015 [1 favorite]


Aren't the already-paranoid the most likely to be newly-reparanoided?
posted by I-Write-Essays at 6:34 AM on January 14, 2015 [2 favorites]


The security paranoid do not use wireless keyboards. The truly security paranoid know about Tempest and how to use a spectrum analyser.
posted by Devonian at 6:40 AM on January 14, 2015 [2 favorites]


While the security of any consumer-level wireless keyboard is ripe for scrutiny, it's worth pointing out that this project only targets specific models of Microsoft wireless keyboards.
posted by indubitable at 6:42 AM on January 14, 2015


Those nrf transceivers are dirt cheap, and terrible. Bluetooth at least has some degree of encryption.

I have some boards right now with a new Wifi transceiver that is under $3, and have the same encryption as normal Wifi. In a few years a lot of this stuff will be on much more sophisticated protocols that aren't trivial to snoop.
posted by miyabo at 6:42 AM on January 14, 2015 [1 favorite]


I have on good authority that this is exactly how linkedin lost those six million passwords.
posted by 7segment at 6:44 AM on January 14, 2015 [1 favorite]


Oh, and for those wondering about the state of security in Bluetooth, here's the latest NIST guide to Bluetooth security.
posted by indubitable at 6:45 AM on January 14, 2015


In the surveillance dystopia of the future, the elite will use typewriters, film cameras, parchment, zeppelins, monocles...

...

THIS IS HOW STEAMPUNK HAPPENS, PEOPLE!
posted by overeducated_alligator at 6:47 AM on January 14, 2015 [22 favorites]


Wait.... cheap electronics transmitters might be received by receivers? OMFG!!!

This is utterly worthless "news" in a world where your voice can be detected optically off your windows and processor sounds can narrow down guesses at the password typed in. If you want safety from the NSA, wireless keyboards are like using "Do Not Disturb" signs in place of locking your door. If you want safety from some oppressive, non-trillion-dollar regime, they won't be snooping at your keyboard anyway.
posted by IAmBroom at 6:50 AM on January 14, 2015 [1 favorite]


Its worth is not from how it works: we've known how to do this for ages. Its worth is from its cost. Someone just showed (semi-)mass media and its consumers that you can make a non-contact remote keylogger for less than the cost of a decent dinner.
posted by introp at 7:09 AM on January 14, 2015 [4 favorites]


Another example of Charlie Stross' theory that the internet of things is inherently unsafe.

What in the world does a wireless keyboard have to do with the Internet of Things?
posted by Fidel Cashflow at 7:43 AM on January 14, 2015 [1 favorite]


This isn't theoretical, either.
posted by fragmede at 8:02 AM on January 14, 2015


Umm, did anyone ever consider wireless keyboards secure? really? lol
posted by jeffburdges at 8:08 AM on January 14, 2015 [2 favorites]


Devonian: “The security paranoid do not use wireless keyboards.”
I didn't allow wireless networking inside my home until a few years ago when I decided it was rude to not provide WiFi for your guests.
posted by ob1quixote at 9:31 AM on January 14, 2015


I don't use a wireless keyboard because why the hell would I, when I can just plug it into the computer that sits eighteen inches away from it and never have to change batteries, or buy batteries or dispose of batteries for my keyboard.
posted by BrashTech at 10:20 AM on January 14, 2015


What in the world does a wireless keyboard have to do with the Internet of Things?

They both rely on microcontrollers that get increasingly smaller, cheaper and more powerful, but in turn also suffer increasingly from security flaws that can't be readily fixed by the average consumer - either because doing so would require the equipment and ability to reprogram the controller, or simply because noone cares enough to make a fix (or they'd rather you bought the newest model instead).
posted by GenericUser at 11:28 AM on January 14, 2015 [2 favorites]


but in turn also suffer increasingly from security flaws that can't be readily fixed by the average consumer

Many privacy and security-conscious geeky people were terrified of mobile, and of cloud computing, and of social media, and of unencrypted email, and of the Internet itself -- all for good reasons. It doesn't matter: the world doesn't care. The Internet of Things is coming and the best we can do is to engage and try to make it better.
posted by miyabo at 6:17 PM on January 14, 2015


> Umm, did anyone ever consider wireless keyboards secure? really? lol

Especially with that sticky note with all my passwords on the bottom. A slightly more advanced exploit would be able to read those too.
posted by jfuller at 9:09 AM on January 15, 2015


Nah, paper is a good password manager.
posted by jeffburdges at 9:38 AM on January 15, 2015




« Older The remains of Bradbury’s home   |   You asked me to write my life. Newer »


This thread has been archived and is closed to new comments