PSTUBb Just Arrived

Joined: 11 Nov 2005 Posts: 0

Posted: Fri Jan 20, 2006 5:10 pm Post subject: Wireless Keyboards and Mouses...Useful yes, but safe?

I was wondering, with all these wireless keyboards and mouses popping up everywhere, there has to be someone who has thought of somehow using his own keyboard as the other person's to take over their keyboard and mouse.
Say your enemy goes to the bathroom. You pull out your special keyboard and start by finding his channel (I guess, I'm not exactly sure how they work, I don't have one at home). Once you find it you have complete control over the keyboard. Same for the mouse. From there you can do whatever you want. Download a keylogger or a trojan from the internet etc.
And I guess since keyboards don't need to receive anything from the computer (do they?) you don't have to be so close, as long as your signal reaches the computer; it's not like the signal of the computer has to reach you. Although you will need to see their screen. That part is up to you to figure out I guess. A cam? Maybe you're close by? Maybe you don't need to see that screen anyway?
Oh yeah, and don't forget all the other wireless things.
Has anyone tried this before?
 |
AdamV SF Mod


Joined: 06 Oct 2004 Posts: 67 Location: Leeds, UK

Posted: Fri Jan 20, 2006 5:44 pm Post subject:

Usually the security comes from association - the same kind of technology which prevents someone else listening to your mobile phone conversations on their Bluetooth headset. You have to 'connect' the device to a base station in the first place, usually by holding a button down on one or the other or both. This pairs them and after that someone else would have to spoof the ID as well.
No idea how hard that spoof would be though.
I'm more worried that every time I hit CAPS lock the garage door across the road opens...
 |
PSTUBb Just Arrived

Joined: 11 Nov 2005 Posts: 0

Posted: Fri Jan 20, 2006 6:32 pm Post subject:

Lol, okay, thanks. I guess it might be a little harder than I thought. I thought of this after I was messing with my neighbor with those universal remotes lol. I knew it would be harder than that but didn't know how much.
 |
razta Just Arrived


Joined: 12 Nov 2005 Posts: 2 Location: 127.0.0.1

Posted: Sat Jan 21, 2006 3:22 am Post subject:

The wireless keyboards and mouses only have about a 4m radius anyway for you to connect to them. I suppose if you had the same wireless keyboard and mouse (same model + version) you could do it, you could only do it from the same room or next door. I don't think it poses a substantial security risk. But I may be wrong.
P.S. Does your neighbour's garage door really open? Or are you just kidding? lol
 |
capi SF Senior Mod


Joined: 21 Sep 2003 Posts: 55 Location: Portugal

Posted: Sat Jan 21, 2006 4:48 am Post subject:

| AdamV wrote: |
usually the security comes from association - the same kind of technology which prevents someone else listening to your mobile phone conversations on their bluetooth headset. You have to 'connect' the device to a base station in the first place, usually by holding a button down on one or the other or both. This pairs them and after that someone else would have to spoof the ID as well.
no idea how hard that spoof would be though. |
How vulnerable is this to passive listening, though? Is there encryption used? Not very likely, I would say.
I'd be more concerned about broadcasting my every keypress through the air than with someone playing with my mouse cursor. I can spot the latter, and fix it (either by changing to a wired mouse, or by using a hard piece of sports equipment to discourage the person from doing so again).
Even then, security concerns aside, I still don't get the whole point in wireless keyboards and mice. Besides being annoyed by range and interference, battery status and so on, what do they give me? Are they supposed to let me use the computer from my sofa across the room? Too bad I can't make out the letters on the screen from there.
 |
roundtrip Just Arrived


Joined: 04 Aug 2005 Posts: 0 Location: Scotland

Posted: Sat Jan 21, 2006 6:11 am Post subject:

Folk using Windows XP Media Edition may well find wireless devices useful.
I'd agree with Capi on the wireless keyboards for normal computer users, although I can see how a wireless mouse may appeal to some users.
 |
jansson_markus Just Arrived

Joined: 28 Dec 2004 Posts: 0 Location: Finland

Posted: Sat Jan 21, 2006 8:57 am Post subject:

Wireless mouse? Who cares, it's not a security risk in 99,9999% of cases.
Wireless keyboard? Oh boy, now THAT is a huge risk. Basically, there are two sorts of wireless keyboards: modelX and Bluetooth.
- ModelX is somewhat even more secure than Bluetooth, because ModelX uses some usually unknown, weak, yes, but strange crypto etc. Its frequencies aren't usually known either (yes, a scanner can pick them up anyway but it's harder). The problem is that there is no way in heck to make them secure by the user.
- Bluetooth keyboards are a different story. Their only security lies in the long and random PIN and in the fact that they are set to use encryption only. The downside is that they usually don't have long and random PINs (typical is 1234 or 0000), and that PINs cannot be changed by the user! If the user could change the PINs and would use something like 24+ marks long PINs, then Bluetooth would be very secure indeed (presuming that devices are forced to use crypto, which might not be the case).
Personally, I would never, ever, use wireless keyboards for anything. A wireless mouse might be an option. Having anything wireless that you cannot control totally (like you can WLAN for example) is a severe security risk. Not to mention when we are talking about a keyboard...come on folks! It's your usernames and passphrases going on-the-air!
 |
PSTUBb Just Arrived

Joined: 11 Nov 2005 Posts: 0

Posted: Sat Jan 21, 2006 7:07 pm Post subject:

Indeed listening to the keyboard would be something a little easier to do. You could even create a device like the one they use to tap wired keyboards, but this time it would be easier to hide because you can hide it anywhere within a 4 meter radius of the keyboard (depending on the range of the keyboard) instead of directly where the wire plugs into the computer...
If you find a Bluetooth keyboard there is plenty of info on cracking the PIN, plus if the PIN is often short like 4 digits it wouldn't take half a second to crack. Who designs a wireless keyboard having in mind that someone might try to hack it?
 |
psg Just Arrived


Joined: 21 Jan 2006 Posts: 0 Location: London, UK

Posted: Sat Jan 21, 2006 7:27 pm Post subject:

Actually...
Most (if not all) Bluetooth keyboard/mouse combos do encrypt the data they send to the base station/box.
Take the older Logitech diNovo set for example which, and I quote, uses "... (a) unique encrypted pairing between your keyboard, numeric pad, mouse, and your receiver, making it optimal for today's performance and security demands."
Blue jacking a wireless keyboard or even key logging it with some custom hardware is not something that is ever likely to become a real security concern for two primary reasons:
1) 4-10 feet of range limits the attack vector considerably. You'd be better off installing TCP/IP key logging software on the machine to send information to a remote host (or other existing methods) if you were intent on key logging it – the range in question suggests you most likely have access to the target machine anyway. Blue jacking (even if you did manage to break the pairing/encryption) is just not efficient in this case - I can stretch to trying to blue jack/key log through a wall at a hotel or university but still...
2) It's encrypted anyway - usually with a purpose coded cipher specific to the model/supplier. Again, this makes any usage of any possible key logging quite a mission and just not as efficient as conventional methods.
I suppose it is possible to break the cipher (good luck trying) and stand on the other side of a wall in a hotel or university dorm or something. That’s the end of the case notes.
 |
jansson_markus Just Arrived

Joined: 28 Dec 2004 Posts: 0 Location: Finland

Posted: Sat Jan 21, 2006 7:50 pm Post subject:

| psg wrote: |
| 1) 4-10 feet of range limits the attack vector considerably. |
BS. The attacks can be made over a mile away.
http://www.engadget.com/entry/6955285741774729/
"An Austrian Bluetooth researcher in Santa Monica Bay recently used an antenna and a modified dongle (don’t do this at home, kids) to steal the entire address book as well as send an SMS from a target phone 1.08 miles away."
| Quote: |
| Blue jacking (even if you did manage to break the pairing/encryption) |
Since PINs are typically 0000 or 1234 and they cannot usually be changed, you can crack it open in a split second.
| Quote: |
| 2) Its encrypted anyway - usually with a purpose coded cipher specific to the model/supplier. Again, this makes any usage of any possible key logging quite a mission and just not as efficient as conventional methods. |
Yes, in the case of modelX keyboards. Bluetooth uses Bluetooth's encryption, which is well documented etc.
 |
psg Just Arrived


Joined: 21 Jan 2006 Posts: 0 Location: London, UK

Posted: Sat Jan 21, 2006 7:53 pm Post subject:

| Quote: |
| BS. The attacks can be made over mile away. |
I think you are thinking about mobile phone Bluetooth ... not keyboards.
Keyboard from a mile away even with a Bluetooth gun? I think not.
End of story.
The rest of the above post didn't make much sense or reference anything to back it up. If you can bluejack a keyboard from a mile away - by all means do so and let us know about it.
 |
jansson_markus Just Arrived

Joined: 28 Dec 2004 Posts: 0 Location: Finland

Posted: Sat Jan 21, 2006 9:36 pm Post subject:

| psg wrote: |
| I think you are thinking about mobile phone bluetooth ... not keyboards. |
Bluetooth is Bluetooth.
| Quote: |
| Keyboard from a mile away even with a bluetooth gun? I think not. |
I don't care what you believe. That's the fact. A Bluetooth gun can collect information and connect to Bluetooth devices over a mile away. Period.
| Quote: |
| The rest of the above post didn't make much sense or reference anything to back it up |
Apparently you do not know that most Bluetooth devices come with PINs 1234 or 0000 by default. Apparently you don't know that most Bluetooth devices do not allow changing of the PIN and/or long and complex PINs. I suggest getting some basic information about Bluetooth and BT devices before you start bashing my comments about them.
| Quote: |
| if you can bluejack a keyboard from a mile away - by all means do so and let us know about it |
Strawman.
I didn't claim that I CAN bluejack a keyboard from a mile away - I said IT CAN BE BLUEJACKED over a mile away (probably, I see no reason why not since other BT devices can be).
 |
capi SF Senior Mod


Joined: 21 Sep 2003 Posts: 55 Location: Portugal

Posted: Sun Jan 22, 2006 12:18 am Post subject:

Now lads, play nice...
 |
psg Just Arrived


Joined: 21 Jan 2006 Posts: 0 Location: London, UK

Posted: Sun Jan 22, 2006 12:32 am Post subject:

Nothing you say will ever make blue jacking a keyboard a viable attack vector.
Prove me wrong, I am using a Bluetooth keyboard.
Jack me.
PS.
| Quote: |
| Bluetooth is bluetooth |
Mobile phones don't use base stations.
 |
jansson_markus Just Arrived

Joined: 28 Dec 2004 Posts: 0 Location: Finland

Posted: Sun Jan 22, 2006 4:48 am Post subject:

| psg wrote: |
| Nothing you say will ever make blue jacking a keyboard a viable attack vector. |
No, nothing I say will, but what is known and what is done does.
Break the connection to make them re-pair. Listen to the pairing process to get other values except the PIN. Try out PINs 1234 and 0000 (and if you don't get lucky, then start brute forcing it out) to calculate/formulate the encryption key. Grab it. Decrypt communications. Period.
You see, everything used to calculate the encryption keys is transferred over-the-air in plaintext, except PINs. If you know the PIN (default values for example), you can always decrypt the traffic by simply monitoring the pairing process (to grab the other information needed to calculate the key). If no pairing is happening, simply force it, and voila!
Of course, you could try to break the Bluetooth encryption too, even if it's set to use long PINs. There are vulnerabilities in BT encryption, like this http://www.terminodes.org/micsPublicationsDetail.php?pubno=1216 they might not be enough for any newbie to break it, but they prove that it is not secure anyway.
| Quote: |
| Prove me wrong, I am using a blue tooth keyboard. |
I don't have to prove you anything. The facts are all there for you to read.
There are several security issues with Bluetooth, the three most severe ones are
1) Default PINs.
2) Short PINs.
3) Poor encryption implementation/algorithm.
| Quote: |
| Mobile phone's don't use base stations. |
Irrelevant. Bluetooth is still Bluetooth with its protocols, encryptions and vulnerabilities. In this case, the issue was Bluetooth range, which, as I pointed out, is over a mile instead of 10 meters.
 |
psg Just Arrived


Joined: 21 Jan 2006 Posts: 0 Location: London, UK

Posted: Sun Jan 22, 2006 4:49 pm Post subject:

| Quote: |
| Irrelevant. Bluetooth is still Bluetooth with its protocols, encryptions and vulnerabilities. In this case, the issue was Bluetooth range, which, as I pointed out, is over a mile instead of 10 meters. |
Except you have to signal a base station (i.e. press an actual connect button on the hardware...) before you make a connection. Unlike with cell phones which, when Bluetooth is left on, allow all connections by default.
Although I am sure from your somewhat aggressive responses to my posts that no one is ever going to convince you your idea is flawed and thus we should probably stop this "debate" anyway.