Are Wireless Keyboards Leaking Your Data?

Thanks for the timely posting. I am looking to replace my Logitech wireless keyboard with one that uses mechanical switches, and those keyboards all use wired connections. Now I can rationalize the high price tag!

Don't think I am at too much risk though, since the Logitech keyboard's "low power" design routinely drops its connection from only 4 feet away!

The issue goes far beyond radio keyboards. That is why the military and the government have 'Tempest' qualified computers and frequently only use them in shielded rooms. This is because the entire computer is radiating information that the properly equipped person can tap and at quite a distance.

THANK GOD Bob for your integrity. it would be all too easy to be a typical journalist and pluck up new subscribers by playing chicken little and giving a hungry public one more red herring to be paranoid about. your work is INVALUABLE!

In the late 1980's TEMPEST certification was a hot topic. The solution was a case for the computer. Think of a 6 foot table with a metal enclosure overtop of it. The door was lockable for added physical security. The problem was that using this shielded metal box was a severe lack of airflow. After multiple computer crashes it was determined the computers needed air to keep them cooled. The boxes went away and new computers were moved from outside walls and room dividers were placed around the areas.

As a retired Signals Intelligence(SIGINT)from the 70s and the 80s, I would be more interested at seeing the range at which these keyboards were intercepted. If the range is very short such as that of a Bluetooth signal, then I would not be overly concerned. If it is greater, say up to a mile or so, then it could be a problem. As the one comment above says, simply moving it away from the outside wall helped immensely.

MORE batteries and worse, what if you want to press a key on start-up to change your boot order? Wireless kb's don't seem to do it. So the last time I unplugged the wireless and plugged in the USB keyboard to change boot order... I just left it that way... about 10 years ago.

How about a fake phone charger that is recording your wireless keystrokes???
This recent article tells all
http://arstechnica.com/security/2016/05/beware-of-keystroke-loggers-disguised-as-usb-phone-chargers-fbi-warns/

and here are instructions on how to build it yourself -
http://samy.pl/keysweeper/

Lucky for most of us, these brands are less popular than, say, the ubiquitous Microsoft or Logitech wireless keyboards, which aren't on the list. Perhaps the manufacturer(s) of these brands could just engineer a new encryptable dongle that plugs into the computer, that would cost the consumer around $10.00, or less. But, I guess, we shouldn't hold our breath, waiting for that to happen.

There is not a word on the Kensington Pro-Fit Wireless Desktop Set pages, either in features or specifications, indicating encryption capabilities.

2002 yıl itibari ile Satılık Araba, Türkiye’de online Alışveriş'in en güçlü isimlerinden biri. Emlak ile kurduğumuz hayaller ve ulaştığımız hedeflerle araba segmentinde bugünlere kadar geldik. Satılık Araç ile internetten güvenilir alışverişi geliştirdik, Hizmet anlayışımızla fark yarattık. Satılık araba sektöründe hem çok büyüdük hem çok sevildik! Ne istersen 1.250 kategoride 90.000 adet ürün çeşitiyle e-ticareti Türk insanına sevdirmekle kalmadık, vazgeçilmeze dönüştürdük.

Web Sitemiz; http://www.neistersen.com.tr/

2002 yıl itibari ile Satılık Araba, Türkiye’de online Alışveriş'in en güçlü isimlerinden biri. Emlak ile kurduğumuz hayaller ve ulaştığımız hedeflerle araba segmentinde bugünlere kadar geldik. Satılık Araç ile internetten güvenilir alışverişi geliştirdik, Hizmet anlayışımızla fark yarattık. Satılık araba sektöründe hem çok büyüdük hem çok sevildik! Ne istersen 1.250 kategoride 90.000 adet ürün çeşitiyle e-ticareti Türk insanına sevdirmekle kalmadık, vazgeçilmeze dönüştürdük.

Web Sitemiz; http://www.neistersen.com.tr/

Actually Bob, this entire concept is much older than that. I am a venture capitalist who represented a California Hi-Tech company, Dynamic Sciences back in the 1980's. They were a company made up of brilliant computer and radio scientists but with not enough business management.

Although they did many other things, their main business was building radios that defined the Tempest Standard. This was the Federal Government Security Standard that defined how much radio wave leakage a device could have and be sold to various government agencies. A substantial percentage of their revenue came from selling radios packed in briefcases or small suitcases which were extremely sensitive and tuneable to 3 letter agencies for cash.

I actually helped them complete a round of venture funding at a large California Bank based VC fund by going into a meeting with the VC Fund executives and demonstrating to them why the Tempest Standard should be important to businesses like banks and not just the government. It was actually one of the shortest and most successful fund raising pitches I ever made.

To make a much longer story very short, the executive asked me why anyone but the government would care about Tempest and I demonstrated why by handing him a slip of paper that had that day's Wire Transfer Code for the bank, which we had read from the street through the radio emissions from a wired (not wireless) keyboard from their wire room that we had been able to isolate from the street outside the bank high-rise using the Dynamic Science Radios.

The VC Executive called BS and said he did not even know the days's wire code. So i told him if he was so certain call in someone from the wire room who had the code and ask them. After some badgering, he called in the wire room manager and handed her the piece of paper I had handed him. This lady turned completely ashen, screamed at the VC Manager that he was not authorized to have that and asked him where he got it. I explained we got it from the street outside the Bank Building and explained to the VC manager that we had chosen not to self-fund as with that code you can virtually empty a bank. We walked out that day with a check for $20MM. And remember this is the early 80's when that was a lot of money.

So leakage of radio signals is very old info and wireless keyboards without encryption or with weak encryption just make it easier, but wired keyboards are no protection as they leak radio signals as well and even today few computers are built to even 30 years ago's Tempest Standard much less to beat today's radio technology.

Since learning of "mousejacking" & "keyjacking", I've been scouring electronics stores for WIRED devices. They're hard to find -- and I've yet to see a non-Mac keyboard with connected wired mouse (saving a USB port) made by a big manufacturer.

I did observe something odd with my wired Insignia (Best Buy) mouse. It seems to import the drivers of all the USB devices connected to a PC, and bring them to the next machine that I connect the mouse to. As I have a couple of brand-new PCs, it's easy to see (in Device Manager) the drivers installed on PC B for flash & hard drives that never touched PC B -- but WERE used on PC A -- and vice-versa. (I've stopped using this rogue mouse altogether & deleted the roguely-imported drivers from both PCs; I also now have a brand-new MS wired mouse on each machine -- no more mouse-transferring).

I have always used wired keyboards and mice - they're inexpensive and reliable. Problem solved!