Security Basics mailing list archives
RE: Wireless Keyboard Security
From: "Matthew F. Caldwell" <mattc () guarded net>
Date: Mon, 28 Mar 2005 13:44:12 -0500
All though more difficult, an example attack would consist of the mouse moving to the start button, opening a keyboard (for handicap use) and then proceeding to type using the mouse clicks as fingers. Matt -----Original Message----- From: Glen Becker [mailto:glen.becker () gmail com] Sent: Thursday, March 24, 2005 10:37 PM To: security-basics () securityfocus com Subject: Re: Wireless Keyboard Security Just to clarify for myself, since the discussion has mentioned products that appear to have keyboards with an integrated pointing device but centered on the potential key-logging vuln: Is there any risk posed, or valuable info trasmitted, by wireless mice? Regards, -Glen Becker On Wed, 23 Mar 2005 20:33:52 -0700, David King <davewking () gmail com> wrote:
Here's a successful attack on a wireless keyboard/mouse combo made by logitech. http://www.osvdb.org/displayvuln.php?osvdb_id=13367 and the original message http://archives.neohapsis.com/archives/bugtraq/2001-05/0224.html Looks bad. Laters, Dave King http://www.thesecure.net On Wed, 23 Mar 2005 18:16:06 +0000, Pedro Venda <pjvenda () arrakis dhis org> wrote:On Wednesday 23 March 2005 05:25, Alvin Oga wrote:hi ya jared On Tue, Mar 22, 2005 at 04:13:16PM -0700, Badger, Jared wrote:My job involves reviewing computer security at a bank, and I was very surprised to see that nearly all of the computers at one of my branches are using these wireless mouse/keyboard combos. It seems like this could be a potentially serious security risk,yup .. big problemI agree. This is a serious issue, and I don't think current hardware is encrypting data. hardware sniffers can now be wireless too :-) The wireless peripherals are now hype (not in the sense that they won't be used further, but in the sense that everyone has one). with wireless ethernet, there were security concerns (not efficiently solved) from day 1, but most people overlook this issue on other peripherals, which I consider very serious. It'd be expensive for manufacturers to start producing peripherals with decent encryption/decryption hardware, so I don't predict short/medium term changes. After all, mose people (even on banks !!!) don't see this issue, so why would the masses pay more for something not obviously necessary? regards, pedro venda. -- Pedro João Lopes Venda email: pjvenda < at > arrakis.dhis.org http://arrakis.dhis.org
Current thread:
- Wireless Keyboard Security Badger, Jared (Mar 22)
- Re: Wireless Keyboard Security Alvin Oga (Mar 23)
- Re: Wireless Keyboard Security Pedro Venda (Mar 23)
- Re: Wireless Keyboard Security David King (Mar 24)
- Re: Wireless Keyboard Security Glen Becker (Mar 28)
- Re: Wireless Keyboard Security Kinnell (Mar 29)
- Re: Wireless Keyboard Security Pedro Venda (Mar 23)
- Re: Wireless Keyboard Security Alvin Oga (Mar 23)
- <Possible follow-ups>
- RE: Wireless Keyboard Security Beauford, Jason (Mar 23)
- RE: Wireless Keyboard Security Jeff Gercken (Mar 24)
- RE: Wireless Keyboard Security Matthew F. Caldwell (Mar 29)