This USB wall charger secretly logs keystrokes from Microsoft wireless keyboards nearby

This USB wall charger secretly logs keystrokes from Microsoft wireless keyboards nearby

January 12, 2015 10:55 PM

By Emil Protalinski    

Privacy and security researcher Samy Kamkar has released a keylogger for Microsoft wireless keyboards cleverly hidden in what appears to be a rather large, but functioning USB wall charger. Called KeySweeper, the stealthy Arduino-based device can sniff, decrypt, log, and report back all keystrokes — saving them both locally and online.

This is no toy. KeySweeper includes a web-based tool for live keystroke monitoring, can send SMS alerts for trigger words, usernames, or URLs (in case you want to steal a PIN number or password), and even continues to work after it is unplugged thanks to a rechargeable internal battery. That’s an impressive list of features, especially given that Kamkar told VentureBeat the whole process “took a few days” including a few over Christmas break and this past weekend when he decided “to properly document it.”

This “spy tool” only affects Microsoft wireless keyboards, and it allegedly works with many, if not most, of them. As a result, we reached out to let the company know. “We are aware of reports about a ‘KeySweeper’ device and are investigating,” a Microsoft spokesperson told VentureBeat.

KeySweeper exploits multiple bugs, including the fact that all Microsoft keyboards use the same first byte in their MAC address. Along with a few other holes, it can thus allegedly decrypt any Microsoft keyboard nearby without having to specify its MAC address first.

Kamkar told VentureBeat that he tested KeySweeper “on a brand new keyboard I purchased only a few weeks ago from Best Buy.” Naturally he hasn’t tested it on all Microsoft keyboards — that’s a claim the company will undoubtedly have to verify itself.

In the meantime, Kamkar has put together a walkthrough video for a more in-depth look of KeySweeper:

Kamkar says the unit cost for KeySweeper ranges from $10 to $80, depending on which functions you require. The hardware breakdown is as follows:

••$3 – $30: An Arduino or Teensy microcontroller can be used.

••$1: nRF24L01+ 2.4GHz RF Chip which communicates using GFSK over 2.4GHz.

••$6: AC USB Charger for converting AC power to 5v DC.

••$2 (Optional): An optional SPI Serial Flash chip can be used to store keystrokes on.

••$45 (Optional): Adafruit has created a board called the FONA which allows you to use a 2G SIM card to send/receive SMS, phone calls, and use the Internet directly from the device.

••$3 (Optional if using FONA): The FONA requires a mini-SIM card (not a micro-SIM).

••$5 (Optional, only if using FONA): The FONA provides on-board LiPo/LiOn battery recharging, and while KeySweeper is connected to AC power, the battery will be kept charged, but is required nonetheless.

As for the software, the primary code is installed on the microcontroller, while the web-based backend uses jQuery and PHP. KeySweeper’s source code and schematic are available on GitHub.

KamKar hopes his project will do more than just give would-be spies a how-to guide. He told VentureBeat: “I hope this creates pressure to ensure that we have proper encryption in new wireless products that come out!”

http://venturebeat.com/2015/01/12/this-usb-wall-charger-secretly-logs-keystrokes-from-microsoft-wireless-keyboards-nearby/