A vulnerability in inexpensive wireless keyboards lets hackers steal private data, Bastille reported this week.
The vulnerability lets hackers use a new attack the firm dubbed “KeySniffer” to eavesdrop on and capture every keystroke typed from up to 250 feet away
The stolen data is rendered in clear text. It lets hackers search for victims’ credit card information, bank account usernames and passwords, answers to security questions, network access passwords, and any data typed into a document or email.
“Almost all access credentials have value to hackers,” noted Tom Clare, vice president of marketing at Gurucul.
“Hijacked or compromised access credentials to the corporate cloud “are the keys to the kingdom,” he told TechNewsWorld.
“KeySniffer demonstrates that as many as two thirds of the lower-cost wireless keyboards currently on the market implement no encryption whatsoever, leaving them vulnerable to passive keystroke sniffing and injection,” observed Bastille’s Marc Newlin.
Affected keyboards are made by eight companies: HP, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric and EagleTec.