CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 26th, 2010

Microsoft Keyboards, Media Devices Under Attack By Open-source Kit

Security researchers on Friday unveiled an open-source device that captures the traffic of a wide variety of wireless devices, including keyboards, medical devices, and remote controls.

Keykeriki version 2 captures the entire data stream sent between wireless devices using a popular series of chips made by Norway-based Nordic Semiconductor. That includes the device addresses and the raw payload being sent between them. The open-source package was developed by researchers of Switzerland-based Dreamlab Technologies and includes complete software, firmware, and schematics for building the $100 sniffer.

Keykeriki not only allows researchers or attackers to capture the entire layer 2 frames, it also allows them to send their own unauthorized payloads. That means devices that don’t encrypt communications – or don’t encrypt them properly – can be forced to cough up sensitive communications or be forced to execute rogue commands.

At the CanSecWest conference in Vancouver, Dreamlab Senior Security Expert Thorsten Schroder demonstrated how Keykeriki could be used to attack wireless keyboards sold by Microsoft. The exploit worked because communications in the devices are protected by a weak form of encryption known as xor, which is trivial to break. As a result, he was able to intercept keyboard strokes as they were typed and to remotely send input that executed commands on the attached computer.

“Microsoft made it easy for us because they used their own proprietary crypto,” Schroder said. “Xor is not a very proper way to secure data.”

Even when devices employ strong cryptography, Schroder said Keykeriki may still be able to remotely send unauthorized commands using a technique known as a replay attack, in which commands sent previously are recorded and then sent again.

The device can also be used to spot weaknesses in cryptographic communications by comparing keystrokes to corresponding ciphertext. His analysis shows wireless keyboards made by Logitech most likely use 128-bit AES encryption. But even so, it may still be possible to decipher the contents by exploiting the way the secret key is exchanged.

“We still didn’t figure out how to crack that one, but I think it’s just a matter of time,” he said.

Credit: The Register

Share this item with others:

More on CyberInsecure:
  • Wired Keyboards Keystrokes Can Be Hijacked From Up To 65 Feet Away
  • Mass Injection At Media Temple Hosting Leads To Web Exploit Kit
  • Highly Critical Vulnerabilities In VLC Media Player
  • ASF Files Are Used To Execute Malicious Scripts in Windows Media Player
  • Microsoft Update Disables AutoRun On Older Windows

    • Posted in Cryptography, Data Theft, Hardware, Microsoft, Privacy, Software, Vulnerabilities | Print This Post Print This Post

    This entry was posted on Friday, March 26th, 2010 at 2:24 pm and is filed under Cryptography, Data Theft, Hardware, Microsoft, Privacy, Software, Vulnerabilities. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

    If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Microsoft Keyboards, Media Devices Under Attack By Open-source Kit

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    *
    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.

    « «
    » »