RE: Wireless Keyboard Security

["Matthew F. Caldwell" <mattc () guarded net>]

All though more difficult, an example attack would consist of the mouse moving to the start button, opening a keyboard 
(for handicap use) and then proceeding to type using the mouse clicks as fingers. 


Matt

-----Original Message-----
From: Glen Becker [mailto:glen.becker () gmail com] 
Sent: Thursday, March 24, 2005 10:37 PM
To: security-basics () securityfocus com
Subject: Re: Wireless Keyboard Security

Just to clarify for myself, since the discussion has mentioned
products that appear to have keyboards with an integrated pointing
device but centered on the potential key-logging vuln:

Is there any risk posed, or valuable info trasmitted, by wireless mice?

Regards,

-Glen Becker


On Wed, 23 Mar 2005 20:33:52 -0700, David King <davewking () gmail com> wrote:
> Here's a successful attack on a wireless keyboard/mouse combo made by logitech.
>
> http://www.osvdb.org/displayvuln.php?osvdb_id=13367
>
> and the original message
>
> http://archives.neohapsis.com/archives/bugtraq/2001-05/0224.html
>
> Looks bad.
>
> Laters,
> Dave King
> http://www.thesecure.net
>
> On Wed, 23 Mar 2005 18:16:06 +0000, Pedro Venda
> <pjvenda () arrakis dhis org> wrote:
> > On Wednesday 23 March 2005 05:25, Alvin Oga wrote:
> > > hi ya jared
> > >
> > > On Tue, Mar 22, 2005 at 04:13:16PM -0700, Badger, Jared wrote:
> > > > My job involves reviewing computer security at a bank, and I was very
> > > > surprised to see that nearly all of the computers at one of my branches
> > > > are using these wireless mouse/keyboard combos. It seems like this could
> > > > be a potentially serious security risk,
> > >
> > > yup .. big problem
> >
> > I agree. This is a serious issue, and I don't think current hardware is
> > encrypting data. hardware sniffers can now be wireless too :-)
> >
> > The wireless peripherals are now hype (not in the sense that they won't be
> > used further, but in the sense that everyone has one). with wireless
> > ethernet, there were security concerns (not efficiently solved) from day 1,
> > but most people overlook this issue on other peripherals, which I consider
> > very serious.
> >
> > It'd be expensive for manufacturers to start producing peripherals with decent
> > encryption/decryption hardware, so I don't predict short/medium term changes.
> > After all, mose people (even on banks !!!) don't see this issue, so why would
> > the masses pay more for something not obviously necessary?
> >
> > regards,
> > pedro venda.
> > --
> >
> > Pedro João Lopes Venda
> > email: pjvenda < at > arrakis.dhis.org
> > http://arrakis.dhis.org