Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Keyboards with AES 128-Bit Encryption good enough?


  • Please log in to reply
21 replies to this topic

#1 bcmo

bcmo

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 04 June 2017 - 04:04 PM

Given the threat of wireless keyboard sniffing and keylogging, are keyboards similar to these (with AES 128-Bit Encryption) safe enough for the average user?
https://www.amazon.com/Microsoft-M7J-00001-Wireless-Desktop-2000/dp/B004SUO1QM
https://www.amazon.com/Logitech-MK360-Wireless-Keyboard-Mouse/dp/B00L1Y11D4
https://www.amazon.com/Logitech-MK520-Wireless-Keyboard-Mouse/dp/B003VANO7C



BC AdBot (Login to Remove)

 


#2 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:39 PM

Posted 04 June 2017 - 04:14 PM

As far as I know. I have not seen any articles or reports suggestion otherwise, but then I have not really gone looking for them and my current reading list is not super broad.

#3 Moritz30

Moritz30

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:39 PM

Posted 04 June 2017 - 04:41 PM

You can consider AES-128 as pretty much impossible to crack. While it is possible to crack it with a lot of time and computing power the attacker would probably need more time than they live. So yeah... It should be save enough for (nearly) all uses.


White Hat, Security Researcher, Modder, CEO at and founder of @DragonTeamMC, @OmniDragonBot and CryptID. Real name is Matthias Merkel.

#4 bcmo

bcmo
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 04 June 2017 - 06:35 PM

Just found this article which lists two of the models I linked to above.

https://www.lifehacker.com.au/2016/10/your-wireless-keyboard-isnt-safe-even-with-aes-encryption/

 

What do you think?



#5 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:39 PM

Posted 04 June 2017 - 09:20 PM

Just found this article which lists two of the models I linked to above.
https://www.lifehacker.com.au/2016/10/your-wireless-keyboard-isnt-safe-even-with-aes-encryption/
 
What do you think?


Only one of the hacks mentioned in that article was of the encrypted keyboard itself and that was done WITHOUT physical access to the keyboard it sounds like. The one was mouse based for mice that were not encrypted. The other seemed to require physical access to the keyboard.

The one that did "attack" the encrypted keyboard while not having physical access seemed quite involved and I am not sure how easy it would be to implement with out eyes on the computer (i.e. how do you know which part of the "recording" was the part that included unlocking the computer sight unseen...it may not matter, of course, as you could play the whole recording, but not sure whether that might complicate then using the mouse attack vector as was described as needing to do AFTER unlocking the computer).

In other words, it seems like a proof of concept, but not really sure how practical of an attack vector it really is. Seems like an awful lot of work to then use to try to attack some consumer in a house with maybe iffy results (i.e. does the consumer have a wireless keyboard with an unencrypted wireless mouse? and what do you gain by attacking that particular consumer?). In general, I believe these types of attacks are more likely to be perpetrated against a business than a consumer sitting at home. So, if you sitting at home and debating whether or not to use a wireless keyboard that uses encryption, I likely would not stress to much over it. Of course, if you do stress about it, then the easy solution is just to use a wired keyboard.

I only have one wireless keyboard that is used with an old computer that is turned off 99% of the time. Makes it easier to use on the few occasions that I boot it up. So, if some crook wants to sit around in a car somewhere outside my house for months at a time just for the few occasions I boot up that computer, then more power too them. Of course, there are likely way easier targets for them to go after than wasting time waiting for me to boot up my one old computer that uses a wireless keyboard. And of course, many crooks will always pick the softer targets. It is kind of like the old says of "I don't need to out run the bear, just the other guy". So, don't be the slower guy, aka the softer target and your odds are pretty good (not completely fool proof, but pretty good). :grinner:

Edited by smax013, 04 June 2017 - 09:20 PM.


#6 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:39 PM

Posted 05 June 2017 - 03:02 AM

Here is the paper from the researchers: https://www.syss.de/fileadmin/dokumente/Publikationen/2017/2017_06_01_of-mice-and-keyboards_paper.pdf

 

What gets my attention is the replay attack (5.3): with all tested keyboards, they were able to record the wireless signals and later play them back, and the PC would "type" the same keystrokes.

 

But I would not worry about a replay attack on a home computer.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#7 Moritz30

Moritz30

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:39 PM

Posted 05 June 2017 - 03:30 AM

Just found this article which lists two of the models I linked to above.
https://www.lifehacker.com.au/2016/10/your-wireless-keyboard-isnt-safe-even-with-aes-encryption/
 
What do you think?


I thought you were only talking about capturing keystrokes wirelessly. Sorry.
White Hat, Security Researcher, Modder, CEO at and founder of @DragonTeamMC, @OmniDragonBot and CryptID. Real name is Matthias Merkel.

#8 bcmo

bcmo
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 05 June 2017 - 06:29 PM

I thought you were only talking about capturing keystrokes wirelessly. Sorry.

I was, as well as any other threat there is.
No need to apologize. (My question "What do you think" was to seek opinions on the article, not to challenge you.)
 
 

But I would not worry about a replay attack on a home computer.

Why?


Edited by bcmo, 05 June 2017 - 06:31 PM.


#9 Moritz30

Moritz30

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:39 PM

Posted 05 June 2017 - 06:35 PM

I thought you were only talking about capturing keystrokes wirelessly. Sorry.

I was, as well as any other threat there is.
No need to apologize. (My question "What do you think" was to seek opinions on the article, not to challenge you.)
 
 
Alright: Syss GmbH is a pentesting company that is quite known in Germany and I don't know anything with a network, USB or cellular connection they have not hacked yet so I don't find it too surprising.

But I would not worry about a replay attack on a home computer.

Why?

Because for such an attack someone has to be in reach of the keyboard while you are entering a password. That usually means inside your house. With physical access to a machine it's not hard to crack the password anyways (I usually need 1-10 minutes depending on OS and so).
White Hat, Security Researcher, Modder, CEO at and founder of @DragonTeamMC, @OmniDragonBot and CryptID. Real name is Matthias Merkel.

#10 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:39 PM

Posted 05 June 2017 - 06:53 PM

But I would not worry about a replay attack on a home computer.

Why?


Because for such an attack someone has to be in reach of the keyboard while you are entering a password. That usually means inside your house. With physical access to a machine it's not hard to crack the password anyways (I usually need 1-10 minutes depending on OS and so).


The whole point of this hack is that they don't have to be within reach of your keyboard. They can be up to maybe 2 km away with the right radio equipment.

It does require that you are using a mouse that is not encrypted as their attack only really used the keyboard for "replaying" the entering of the password to log into the computer. From there, they use the unencrypted mouse to then control the computer.

As to why one should not worry about it being used against a home computer...I would argue because there it not much "bang for the buck" to hit most people's home computer. Most people who would do this kind of criminal type stuff do it for money. And most of your typical consumer, home users are going to have way less way to get money from than some business. So, most crooks who would employ this would likely focus on targeting businesses where they have more potential for money to be made. Now, it is always possible that someone who really hates some home user might try this for some reason, but that is likely the exception rather than the rule.

#11 bcmo

bcmo
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 05 June 2017 - 07:09 PM

It does require that you are using a mouse that is not encrypted as their attack only really used the keyboard for "replaying" the entering of the password to log into the computer. From there, they use the unencrypted mouse to then control the computer.

But the article lists these two items that come with encrypted mice?
Logitech MK530
Microsoft Wireless Desktop 2000

#12 smax013

smax013

  • BC Advisor
  • 2,329 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:12:39 PM

Posted 05 June 2017 - 07:28 PM

It does require that you are using a mouse that is not encrypted as their attack only really used the keyboard for "replaying" the entering of the password to log into the computer. From there, they use the unencrypted mouse to then control the computer.

But the article lists these two items that come with encrypted mice?
Logitech MK530
Microsoft Wireless Desktop 2000


From the Lifehacker article:
 

The pair tested the keyboards against a handful of attacks, some involving hardware hacking on the keyboards themselves, others exploited vulnerabilities that exist in the mice that comes with keyboards sets that usually don't have encryption.


Emphasis is mine. That is what I was referring to. If you further read that article in the next paragraph, that talks about the "replay" attack that I was referring to.

#13 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:39 PM

Posted 06 June 2017 - 06:59 PM

 
 

But I would not worry about a replay attack on a home computer.

Why?

 

 

Because this attack requires proximity, specialized hardware and some skills.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2018
MVP_Horizontal_BlueOnly.png

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#14 bcmo

bcmo
  • Topic Starter

  • Members
  • 234 posts
  • OFFLINE
  •  
  • Local time:01:39 PM

Posted 11 June 2017 - 09:43 AM

...others exploited vulnerabilities that exist in the mice that comes with keyboards sets that usually don't have encryption.


Emphasis is mine. That is what I was referring to. If you further read that article in the next paragraph, that talks about the "replay" attack that I was referring to.

So basically even if the keyboard is 128 bit encrypted, the mouse never is?

Edited by bcmo, 11 June 2017 - 09:43 AM.


#15 Moritz30

Moritz30

  • Members
  • 69 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:39 PM

Posted 11 June 2017 - 05:06 PM

...others exploited vulnerabilities that exist in the mice that comes with keyboards sets that usually don't have encryption.

Emphasis is mine. That is what I was referring to. If you further read that article in the next paragraph, that talks about the "replay" attack that I was referring to.
So basically even if the keyboard is 128 bit encrypted, the mouse never is?

Not never, but most of the times
White Hat, Security Researcher, Modder, CEO at and founder of @DragonTeamMC, @OmniDragonBot and CryptID. Real name is Matthias Merkel.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users