Hackers Can Use A $10 Wall Charger To Intercept Anything Typed On Wireless Microsoft Keyboards
A security researcher claims to have developed a USB wall charger that can eavesdrop on almost any wireless Microsoft keyboard, VentureBeat is reporting — and he's released instructions on how to build it online.
The device, called the KeySweeper, masquerades as a working USB wall charger. However, it secretly monitors any Microsoft wireless keyboards within range and "passively sniffs, decrypts, logs and reports back" everything typed on them, its creator alleges. It could be used to record passwords and bank details, or capture confidential documents as they're being typed.
The security flaw has been highlighted by Samy Kamkar, a security researcher and entrepreneur who has previously flagged up issues with Parrot drones, illicit smartphone tracking and the PHP programming language. The device can be built for as little as $10, with optional features including sending SMS alerts when keywords are entered, and an internal rechargeable battery — meaning the device can keep logging keystrokes even when unplugged.
Microsoft wireless keyboards encrypt their data before sending it wirelessly, but Kamkar claims to have discovered multiple bugs that make it easy to decrypt. The researcher hasn't tested it on every Microsoft wireless keyboard, but he believes that due to similarities between them, they will all be affected.
A Microsoft spokesperson told VentureBeat that they "are aware of reports about a 'KeySweeper' device and are investigating."
Kamkar hasn't just highlighted the vulnerability — he's released detailed instructions on how to build the device on GitHub. He's also produced a half-hour video on KeySweeper, which you can watch below: