After nearly 20 years of being on the market, this week a member of the Bastille Research Team revealed a new vulnerability which can pull keystrokes right out of the air from wireless keyboards, at a distance of up to 100 meters away.
The hack, dubbed “KeySniffer”, latches onto the 2.4GHz wireless spectrum to track the data communicated between the keyboard and the destination device, useful for hackers who may want to steal your credit card details while you’re shopping online in a public place.
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two thirds) were susceptible to the KeySniffer hack.”
Neither Bluetooth nor higher-end wireless keyboards look to be vulnerable for the time being, as the hack only impacts cheaper boards that don’t encrypt the information sent between both devices.
Some of the more popular wireless keyboard brands that are affected by the vulnerability include Anker, Hewlett-Packard, Toshiba, and Insignia. If you have any of these brands or think you might be affected you can read the full list here, and it’s recommended you only use them at home or in a place of business you trust. Also, remember to never sign up to a WiFi network you don’t recognize without flipping on your ProVPN service first!