Symantec Issues Wireless Keyboard Warning
Symantec is urging wireless keyboard users to consider the security of the devices following a project that interpreted keystrokes by analysing the electromagnetic signals produced when keys are pressed.
Wed, June 10, 2009
PC Advisor (UK) — Symantec is urging wireless keyboard users to consider the security of the devices following a project that interpreted keystrokes by analysing the electromagnetic signals produced when keys are pressed.
Remote-Exploit.org's Keykeriki project used hardware and sniffer software to identify keystrokes. Remote-Exploit.org said the project was designed to let "every person verify the security level of their own keyboard transmissions, and/or demonstrate the sniffing attacks (for educational purpose(s) only)".
However, Symantec warned users that criminals could use the software to obtain passwords and log-ins for online bank accounts, without ever having to install malware onto the target system.
"The future implications of this project are quite scary, but we must remember that they are in proof-of-concept stage at the moment. What people are trying to prove is that one day someone could capture all your keystrokes without having to install anything on your system," said Con Mallon, director of product marketing, at Symantec's Norton division.
"Currently the information between wireless keyboard and computer is not encrypted, and therefore vulnerable to this form of attack. No doubt if this is proven we will see encrypted transmissions between the keyboard and the computer. However, If people are concerned that they are dealing with sensitive information through wireless keyboards in public spaces, they should consider moving back to a wired keyboard."