The $30 device that can hack into nearby keyboards
A security researcher has developed an inexpensive device that, while masquerading as a mere USB wall charger, can monitor keystrokes on nearby wireless Microsoft keyboards
Attention, Microsoft keyboard users: There is now a USB wall charger that can monitor almost any wireless Microsoft keyboard in its vicinity, VentureBeat reports.
Built by security researcher Samy Kamkar, KeySweeper, can sniff, decrypt, log, and report the keystroke activity present as a wireless keyboard communicates with a PC, according to Mr. Kamkar’s site. All information is saved locally and online, and KeySweeper can even send text messages based on trigger words, usernames, or URLs. An internal rechargeable battery allows the device to operate even when unplugged.
Kamkar estimates a KeySweeper device to cost between $10 and $30 to build. The covert device should work with most, if not all, Microsoft wireless keyboards.
“We are aware of reports about a ‘KeySweeper’ device and are investigating,” a Microsoft spokesperson told VentureBeat.
The development of the device comes in the wake of President Obama's call for better legislation around data protection. In the US, about 18 percent of online adults say they have had information such as credit card and bank account numbers stolen, according to the Pew Research Center.
KeySweeper, a keystroke logger, represents a type of device that has been the source of compromised security for a slew of companies over the years. In 2011, for instance, Texas-based marketing giant Epsilon reported having millions of customer names and emails stolen, affecting clients such as JPMorgan, Citigroup, and Best Buy. In 2013, hackers using keylogger malware reportedly stole close to 2 million login credentials from sites such as Facebook, Google, Yahoo, and Twitter, CNN reported.
However, keyloggers can legally be used for things like parental controls and company security, allowing parents or employers to track what their children or employees are doing online.
For his part, Kamkar has spent years researching and revealing weaknesses in mobile and wireless security. In 2008, he displayed how RFID (radio-frequency identification) technology in badges and credit cards could be exploited for identity theft.
“Using my firmware, you can actually just walk around without a laptop, with just this credit card-sized Proxmark device, have a little antenna about the size of a credit card, it could be in your sleeve, or it could be in your pocket, and just walk around in Times Square and you'll just start picking up people's IDs,” Kamkar told Jeff Williams, CTO of Contrast Security and host of The Security Influencers Channel on iTunes, in September.
In 2011, Kamkar discovered that Android, iPhone, and Windows Mobile devices constantly sent wifi router and GPS information back to their parent companies. His findings led to congressional hearings that looked into Apple’s and Google’s privacy policies and practices.
Kamkar is also the man behind the MySpace worm, a virus that, if so employed, had the ability to steal user data and that allowed Kamkar, then 19, to make more than 1 million MySpace friends in less than a day.
He also developed the Evercookie, a program that continues to identify users even after they delete standard cookies from their browsers; and the SkyJack, a drone that seeks out, hacks, and takes charge of other drones within wireless distance, “creating an army of zombie drones under your control.”