Hackers can remotely “sniff” all the keystrokes of wireless keyboards from eight manufacturers from up to 250 feet away, according to the Bastille Research Team, the cybersecurity company that discovered the vulnerability.
When conducting a KeySniffer attack, hackers can eavesdrop and capture every keystroke a victim types in 100 percent clear text. This allows them to search for sensitive information, including network access passwords, usernames, card numbers, expiration dates and CVV codes, answers to security questions, and other sensitive data typed into a document or email.
Affected keyboard manufacturers include Hewlett-Packard, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec.
These vulnerable keyboards are easy for hackers to detect as they are always transmitting, whether or not the user is typing, the researchers said.
Consequently, a hacker can scan a room, building, or public area for vulnerable devices at any time. The KeySniffer discovery reveals that manufacturers are producing and selling wireless keyboards without any encryption, said Bastille.
Bluetooth keyboards and higher-end wireless keyboards from manufacturers including Logitech, Dell, and Lenovo are not susceptible to KeySniffer, the company said.
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery.
“Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack,” he added.